cxf git commit: [CXF-6736] Passing the code request state directly to some functions

2016-01-11 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/master 0222768ba -> 39c772a07


[CXF-6736] Passing the code request state directly to some functions


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/39c772a0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/39c772a0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/39c772a0

Branch: refs/heads/master
Commit: 39c772a0764b323f98ab58e00345f4fca924c425
Parents: 0222768
Author: Sergey Beryozkin 
Authored: Mon Jan 11 12:51:30 2016 +
Committer: Sergey Beryozkin 
Committed: Mon Jan 11 12:51:30 2016 +

--
 .../oauth2/client/ClientCodeRequestFilter.java  | 14 +---
 .../oidc/rp/OidcClientCodeRequestFilter.java| 35 
 2 files changed, 22 insertions(+), 27 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/39c772a0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index c02688c..0b950c7 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -131,7 +131,8 @@ public class ClientCodeRequestFilter implements 
ContainerRequestFilter {
 }
 
 private Response createCodeResponse(ContainerRequestContext rc, UriInfo 
ui) {
-MultivaluedMap redirectState = createRedirectState(rc, 
ui);
+MultivaluedMap codeRequestState = 
toCodeRequestState(rc, ui);
+MultivaluedMap redirectState = createRedirectState(rc, 
ui, codeRequestState);
 String theState = redirectState != null ? 
redirectState.getFirst(OAuthConstants.STATE) : null;
 String redirectScope = redirectState != null ? 
redirectState.getFirst(OAuthConstants.SCOPE) : null;
 String theScope = redirectScope != null ? redirectScope : scopes;
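Review bot: `toCodeRequestState(rc, ui)` now runs on every call of createCodeResponse, whereas the removed line in createRedirectState sat after the `clientStateManager == null` early return, so a filter without a state manager previously never built this map. If toCodeRequestState reads the request form or query (its body is not in this diff), the no-state path now does that work as well. A short comment such as `// built unconditionally: also passed to setAdditionalCodeRequestParams` would make the intent explicit. createCodeResponse continues outside the hunk, and the 3.1.x-fixes backport further down this page has the same lines.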
@@ -142,7 +143,7 @@ public class ClientCodeRequestFilter implements 
ContainerRequestFilter {
  theScope);
 setFormPostResponseMode(ub, redirectState);
 setCodeVerifier(ub, redirectState);
-setAdditionalCodeRequestParams(ub, redirectState);
+setAdditionalCodeRequestParams(ub, redirectState, codeRequestState);
 URI uri = ub.build();
 return Response.seeOther(uri).build();
 }
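Review bot: The `codeRequestState` map handed to the overridable `setAdditionalCodeRequestParams` is the same instance that createRedirectState mutates: the last hunk of this file shows `codeRequestState.putSingle(OAuthConstants.AUTHORIZATION_CODE_VERIFIER, ...` when `codeVerifierTransformer != null` (the statement is cut off on this page, so the stored value is presumably the freshly generated verifier). A subclass that copies entries from this map into the `UriBuilder` could therefore place the code verifier in the authorization redirect, where only the transformed value set by setCodeVerifier belongs. Passing a copy taken before the createRedirectState call, or documenting the hook with `// codeRequestState may contain AUTHORIZATION_CODE_VERIFIER; never add it to the redirect URI`, would close that gap. The 3.1.x-fixes backport further down has the same call.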
@@ -165,7 +166,9 @@ public class ClientCodeRequestFilter implements 
ContainerRequestFilter {
 }
 }
 
-protected void setAdditionalCodeRequestParams(UriBuilder ub, 
MultivaluedMap redirectState) {
+protected void setAdditionalCodeRequestParams(UriBuilder ub, 
+  MultivaluedMap redirectState,
+  MultivaluedMap codeRequestState) {
 }
 
 private URI getAbsoluteRedirectUri(UriInfo ui) {
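Review bot: Changing the parameter list of the protected hook `setAdditionalCodeRequestParams` means an existing subclass override with the old two-argument signature is no longer called (and still compiles unless it carries `@Override`), so parameters it used to add would silently drop out of the authorization redirect. Keeping the old overload and letting the new three-argument default body delegate to it, `setAdditionalCodeRequestParams(ub, redirectState);`, would keep such subclasses working; `createRedirectState` in the last hunk changes in the same way. This matters most for the identical change on the 3.1.x-fixes maintenance branch later on this page. The new parameter also has no Javadoc saying what `codeRequestState` holds compared with `redirectState`.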
@@ -222,12 +225,13 @@ public class ClientCodeRequestFilter implements 
ContainerRequestFilter {
 JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, 
request);
 }
 
-protected MultivaluedMap 
createRedirectState(ContainerRequestContext rc, UriInfo ui) {
+protected MultivaluedMap 
createRedirectState(ContainerRequestContext rc, 
+ UriInfo ui,
+ 
MultivaluedMap codeRequestState) {
 if (clientStateManager == null) {
 return new MetadataMap();
 }
 String codeVerifier = null;
-MultivaluedMap codeRequestState = 
toCodeRequestState(rc, ui);
 if (codeVerifierTransformer != null) {
 codeVerifier = 
Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
 
codeRequestState.putSingle(OAuthConstants.AUTHORIZATION_CODE_VERIFIER, 

http://git-wip-us.apache.org/repos/asf/cxf/blob/39c772a0/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
--
diff --git 

cxf git commit: [CXF-6736] Passing the code request state directly to some functions

2016-01-11 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes b4bfa886e -> f79eaf42d


[CXF-6736] Passing the code request state directly to some functions


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f79eaf42
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f79eaf42
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f79eaf42

Branch: refs/heads/3.1.x-fixes
Commit: f79eaf42d4640f668077db35b1ced230034c44d9
Parents: b4bfa88
Author: Sergey Beryozkin 
Authored: Mon Jan 11 12:51:30 2016 +
Committer: Sergey Beryozkin 
Committed: Mon Jan 11 12:52:58 2016 +

--
 .../oauth2/client/ClientCodeRequestFilter.java  | 14 +---
 .../oidc/rp/OidcClientCodeRequestFilter.java| 35 
 2 files changed, 22 insertions(+), 27 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/f79eaf42/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index 2845ba6..b47bce7 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -131,7 +131,8 @@ public class ClientCodeRequestFilter implements 
ContainerRequestFilter {
 }
 
 private Response createCodeResponse(ContainerRequestContext rc, UriInfo 
ui) {
-MultivaluedMap redirectState = createRedirectState(rc, 
ui);
+MultivaluedMap codeRequestState = 
toCodeRequestState(rc, ui);
+MultivaluedMap redirectState = createRedirectState(rc, 
ui, codeRequestState);
 String theState = redirectState != null ? 
redirectState.getFirst(OAuthConstants.STATE) : null;
 String redirectScope = redirectState != null ? 
redirectState.getFirst(OAuthConstants.SCOPE) : null;
 String theScope = redirectScope != null ? redirectScope : scopes;
@@ -142,7 +143,7 @@ public class ClientCodeRequestFilter implements 
ContainerRequestFilter {
  theScope);
 setFormPostResponseMode(ub, redirectState);
 setCodeVerifier(ub, redirectState);
-setAdditionalCodeRequestParams(ub, redirectState);
+setAdditionalCodeRequestParams(ub, redirectState, codeRequestState);
 URI uri = ub.build();
 return Response.seeOther(uri).build();
 }
@@ -165,7 +166,9 @@ public class ClientCodeRequestFilter implements 
ContainerRequestFilter {
 }
 }
 
-protected void setAdditionalCodeRequestParams(UriBuilder ub, 
MultivaluedMap redirectState) {
+protected void setAdditionalCodeRequestParams(UriBuilder ub, 
+  MultivaluedMap redirectState,
+  MultivaluedMap codeRequestState) {
 }
 
 private URI getAbsoluteRedirectUri(UriInfo ui) {
@@ -222,12 +225,13 @@ public class ClientCodeRequestFilter implements 
ContainerRequestFilter {
 JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, 
request);
 }
 
-protected MultivaluedMap 
createRedirectState(ContainerRequestContext rc, UriInfo ui) {
+protected MultivaluedMap 
createRedirectState(ContainerRequestContext rc, 
+ UriInfo ui,
+ 
MultivaluedMap codeRequestState) {
 if (clientStateManager == null) {
 return null;
 }
 String codeVerifier = null;
-MultivaluedMap codeRequestState = 
toCodeRequestState(rc, ui);
 if (codeVerifierTransformer != null) {
 codeVerifier = 
Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
 
codeRequestState.putSingle(OAuthConstants.AUTHORIZATION_CODE_VERIFIER, 

http://git-wip-us.apache.org/repos/asf/cxf/blob/f79eaf42/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
--
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
 

cxf git commit: Recording .gitmergeinfo Changes

2016-01-11 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes d1acc8cfa -> 25f1d6d7f


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/25f1d6d7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/25f1d6d7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/25f1d6d7

Branch: refs/heads/3.0.x-fixes
Commit: 25f1d6d7ff6ce0c2202c827b9067f354b2af834a
Parents: d1acc8c
Author: Colm O hEigeartaigh 
Authored: Mon Jan 11 14:16:43 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 11 14:16:43 2016 +

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/25f1d6d7/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index f5d8014..a3af64b 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -386,6 +386,7 @@ B a3e1065d4c2a600f63585a6c892e636f5740cf73
 B a4222c930f7d69608f826c14e4bc7bc9f670097c
 B a4315cb442fa31960cbd47f11e95e81b4a71441d
 B a493fc41c1bdd5d282dac7fec57db9d01987af21
+B a564aea127fa0a385c06b1c7f9f391b68d0f9c50
 B a5aff3e7a43274b3d47cda706aaf8108bd7a9b07
 B a5f8a4dd4d9ecbfc1f8a1a8e5bcb4af17f561cc5
 B a602c9df3e2e09855410f0e75af9b108620b7794



cxf git commit: Enabling some tests following WSS4J fix

2016-01-11 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/master 39c772a07 -> 9a9e0a8a3


Enabling some tests following WSS4J fix


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9a9e0a8a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9a9e0a8a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9a9e0a8a

Branch: refs/heads/master
Commit: 9a9e0a8a37608195c4ef6fbf386728d13d025d2d
Parents: 39c772a
Author: Colm O hEigeartaigh 
Authored: Mon Jan 11 12:12:55 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 11 13:57:58 2016 +

--
 .../apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/9a9e0a8a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
--
diff --git 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
index cb4627c..8afe278 100644
--- 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
+++ 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
@@ -180,7 +180,7 @@ public class AsymmetricBindingTest extends 
AbstractBusClientServerTestBase {
 @org.junit.Test
 public void testUsernameTokenSAML2KeyValue() throws Exception {
 // TODO
-if (test.isStreaming() || STAX_PORT.equals(test.getPort())) {
+if (STAX_PORT.equals(test.getPort())) {
 return;
 }
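Review bot: The remaining `if (STAX_PORT.equals(test.getPort())) { return; }` makes the StAX-port run of testUsernameTokenSAML2KeyValue report as passed without exercising anything, and the bare `// TODO` does not say what is still outstanding. `org.junit.Assume.assumeFalse(STAX_PORT.equals(test.getPort()));` would show that run as skipped instead, and the TODO should name the open issue. The test body continues outside the hunk.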
 



[1/2] cxf git commit: Recording .gitmergeinfo Changes

2016-01-11 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes f79eaf42d -> 2caad0c68


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2caad0c6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2caad0c6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2caad0c6

Branch: refs/heads/3.1.x-fixes
Commit: 2caad0c68309fc3f2ccd8aa4795e489c674eab7f
Parents: ac120f4
Author: Colm O hEigeartaigh 
Authored: Mon Jan 11 13:58:11 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 11 13:58:11 2016 +

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/2caad0c6/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 436297c..a6177bd 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -17,3 +17,4 @@ B f94e1dd9b2a8d27ec5a27bfb7c026e3ae2350e39
 B fb30f8bffc85fcc3208fcc0e1eda4b54a89b5d37
 M 0222768baf6b60742c4a8332308edf2be0f4a2e4
 M 8583a24ac541dc373503d7a6c59cd90890acdae3
+M 9a9e0a8a37608195c4ef6fbf386728d13d025d2d



[2/2] cxf git commit: Enabling some tests following WSS4J fix

2016-01-11 Thread coheigea
Enabling some tests following WSS4J fix


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ac120f4f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ac120f4f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ac120f4f

Branch: refs/heads/3.1.x-fixes
Commit: ac120f4fcea28162721fbdf4bd8a6a9e071cd540
Parents: f79eaf4
Author: Colm O hEigeartaigh 
Authored: Mon Jan 11 12:12:55 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 11 13:58:11 2016 +

--
 .../apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/ac120f4f/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
--
diff --git 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
index 68eaec5..42aa986 100644
--- 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
+++ 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
@@ -182,7 +182,7 @@ public class AsymmetricBindingTest extends 
AbstractBusClientServerTestBase {
 @org.junit.Ignore
 public void testUsernameTokenSAML2KeyValue() throws Exception {
 // TODO
-if (test.isStreaming() || STAX_PORT.equals(test.getPort())) {
+if (STAX_PORT.equals(test.getPort())) {
 return;
 }
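Review bot: On this branch the context line directly above the method is `@org.junit.Ignore`, so relaxing the condition does not make testUsernameTokenSAML2KeyValue run at all, despite the commit title. If the annotation is meant to stay until the WSS4J fix is available to 3.1.x, give it a reason, e.g. `@org.junit.Ignore("<reason / issue id>")`; otherwise it should be removed in this commit. The test body continues outside the hunk.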
 



cxf git commit: Recording .gitmergeinfo Changes

2016-01-11 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 6cdfe4bab -> d1acc8cfa


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d1acc8cf
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d1acc8cf
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d1acc8cf

Branch: refs/heads/3.0.x-fixes
Commit: d1acc8cfabb62670c24d879407778f0ca0e193ff
Parents: 6cdfe4b
Author: Colm O hEigeartaigh 
Authored: Mon Jan 11 14:03:11 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 11 14:03:11 2016 +

--
 .gitmergeinfo | 2 ++
 1 file changed, 2 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/d1acc8cf/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 4b39755..f5d8014 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -90,6 +90,7 @@ B 2a2ed67576b525f9708fcb8bd9e8387a277a1f4f
 B 2a5d201be1b85344585094d0f044e9bf1b605fac
 B 2afb9d3cacb299bea854d1ff4824e4c981a41d6a
 B 2ba77327488a8446e6a92af137f644eaf3b06e2e
+B 2caad0c68309fc3f2ccd8aa4795e489c674eab7f
 B 2cb99eed19d1a8f097c4ae54967c6e45a7c03d67
 B 2cfa9011aaada9fe68bd0d9aad7ec86991ede43c
 B 2d3592e667e0ed5c2345b8fe1ae248a6b0fb1b43
@@ -402,6 +403,7 @@ B aac1196c9e2ad02b596e24cc6f18cdb7ec30a21d
 B ab05845f33e5744f9ed9c2b3569a1001c269f923
 B ab3817f5068d88c60dc15ce52504435f9b715c1b
 B ab4eaac0be87291b7f053d144dc8fbf9d98634c3
+B ac120f4fcea28162721fbdf4bd8a6a9e071cd540
 B ac33a5b83e2c487a4e7c08c6c15539e64ceea24e
 B ad1822e1bdcd842c8f9fdb2f5833e73202455086
 B ad5763ef8ea1ff3c8ddea2c3a6fabdaae6acddd6



cxf git commit: Re-enabling test

2016-01-11 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/master 9a9e0a8a3 -> 98aee1f31


Re-enabling test


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/98aee1f3
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/98aee1f3
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/98aee1f3

Branch: refs/heads/master
Commit: 98aee1f3196a6b86dcccbc8f1b0124fd9c532d60
Parents: 9a9e0a8
Author: Colm O hEigeartaigh 
Authored: Mon Jan 11 14:09:09 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 11 14:09:09 2016 +

--
 .../org/apache/cxf/systest/http_jetty/EngineLifecycleTest.java   | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/98aee1f3/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/EngineLifecycleTest.java
--
diff --git 
a/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/EngineLifecycleTest.java
 
b/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/EngineLifecycleTest.java
index ae45f51..2c3c099 100644
--- 
a/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/EngineLifecycleTest.java
+++ 
b/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/EngineLifecycleTest.java
@@ -58,9 +58,7 @@ import org.springframework.core.io.Resource;
 /**
  * This class tests starting up and shutting down the embedded server when 
there
  * is extra jetty configuration.
- * This test is ignored by default as it is continually failing on Jenkins.
  */
-@org.junit.Ignore
 public class EngineLifecycleTest extends Assert {
 private static final String PORT1 = 
TestUtil.getPortNumber(EngineLifecycleTest.class, 1);
 private static final String PORT2 = 
TestUtil.getPortNumber(EngineLifecycleTest.class, 2);
@@ -184,7 +182,7 @@ public class EngineLifecycleTest extends Assert {
 
 private void verifyNoServer(String port) {
 try {
-Socket socket = new Socket(InetAddress.getLocalHost(), 
Integer.parseInt(port));
+Socket socket = new 
Socket(InetAddress.getLoopbackAddress().getHostName(), Integer.parseInt(port));
 socket.close();
 } catch (UnknownHostException e) {
 fail("Unknown host for local address");
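Review bot: `new Socket(InetAddress.getLoopbackAddress().getHostName(), Integer.parseInt(port))` turns the loopback address back into a host name that the `Socket(String, int)` constructor then has to resolve again, so the check still depends on how the build machine resolves that name. Passing the address itself, `new Socket(InetAddress.getLoopbackAddress(), Integer.parseInt(port))`, avoids the lookup. verifyNoServer continues outside the hunk, and the 3.1.x-fixes copy of this commit further down has the same line.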



cxf git commit: Re-enabling test

2016-01-11 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 2caad0c68 -> a564aea12


Re-enabling test


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a564aea1
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a564aea1
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a564aea1

Branch: refs/heads/3.1.x-fixes
Commit: a564aea127fa0a385c06b1c7f9f391b68d0f9c50
Parents: 2caad0c
Author: Colm O hEigeartaigh 
Authored: Mon Jan 11 14:09:09 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 11 14:10:28 2016 +

--
 .../org/apache/cxf/systest/http_jetty/EngineLifecycleTest.java   | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/a564aea1/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/EngineLifecycleTest.java
--
diff --git 
a/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/EngineLifecycleTest.java
 
b/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/EngineLifecycleTest.java
index ae45f51..2c3c099 100644
--- 
a/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/EngineLifecycleTest.java
+++ 
b/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/EngineLifecycleTest.java
@@ -58,9 +58,7 @@ import org.springframework.core.io.Resource;
 /**
  * This class tests starting up and shutting down the embedded server when 
there
  * is extra jetty configuration.
- * This test is ignored by default as it is continually failing on Jenkins.
  */
-@org.junit.Ignore
 public class EngineLifecycleTest extends Assert {
 private static final String PORT1 = 
TestUtil.getPortNumber(EngineLifecycleTest.class, 1);
 private static final String PORT2 = 
TestUtil.getPortNumber(EngineLifecycleTest.class, 2);
@@ -184,7 +182,7 @@ public class EngineLifecycleTest extends Assert {
 
 private void verifyNoServer(String port) {
 try {
-Socket socket = new Socket(InetAddress.getLocalHost(), 
Integer.parseInt(port));
+Socket socket = new 
Socket(InetAddress.getLoopbackAddress().getHostName(), Integer.parseInt(port));
 socket.close();
 } catch (UnknownHostException e) {
 fail("Unknown host for local address");



cxf git commit: [CXF-6735] - Add a configuration option to disable the STR Transform

2016-01-11 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes a564aea12 -> 621e9cc86


[CXF-6735] - Add a configuration option to disable the STR Transform


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/621e9cc8
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/621e9cc8
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/621e9cc8

Branch: refs/heads/3.1.x-fixes
Commit: 621e9cc86027ff94330c13b8bcf28c95466cf6c9
Parents: a564aea
Author: Colm O hEigeartaigh 
Authored: Mon Jan 11 16:49:38 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 11 16:54:39 2016 +

--
 .../cxf/ws/security/SecurityConstants.java  |  7 +++
 .../policyhandlers/AbstractBindingBuilder.java  | 45 +---
 .../X509SymmetricBindingTest.java   | 38 +
 3 files changed, 75 insertions(+), 15 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/621e9cc8/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index c88a4ec..f9ebaba 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -132,6 +132,13 @@ public final class SecurityConstants extends 
org.apache.cxf.rt.security.Security
  */
 public static final String 
USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM = 
 "ws-security.swa.encryption.attachment.transform.content";
+
+/**
+ * Whether to use the STR (Security Token Reference) Transform when 
(externally) signing a SAML Token.
+ * The default is true. Some frameworks cannot handle processing the 
SecurityTokenReference is created,
+ * hence set this configuration option to "false" in this case.
+ */
+public static final String USE_STR_TRANSFORM = 
"ws-security.use.str.transform";
 
 //
 // Non-boolean WS-Security Configuration parameters
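Review bot: The Javadoc added for `USE_STR_TRANSFORM` has a broken sentence ("cannot handle processing the SecurityTokenReference is created") and does not say what is signed when the option is "false". Because this switch changes what the signature over a SAML token references, the comment should state it, for example `Some frameworks cannot process the SecurityTokenReference that is created for this transform; set this option to "false" in that case, and the assertion is then referenced directly by its Id.` The last clause is inferred from the `new WSEncryptionPart(assertionWrapper.getId())` branch visible in the 3.0.x-fixes copy of AbstractBindingBuilder, which is cut off on this page, so confirm it before adopting the wording. The 3.0.x-fixes SecurityConstants hunk carries the same text.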

http://git-wip-us.apache.org/repos/asf/cxf/blob/621e9cc8/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 815cb8f..4d2f2c5 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -610,6 +610,11 @@ public abstract class AbstractBindingBuilder extends 
AbstractCommonBindingHandle
 
 protected void addSignatureParts(List tokenList, 
List sigParts) {
 
+boolean useSTRTransform = 
+MessageUtils.getContextualBoolean(
+message, SecurityConstants.USE_STR_TRANSFORM, true
+);
+
 for (SupportingToken supportingToken : tokenList) {
 
 Object tempTok = supportingToken.getTokenImplementation();
@@ -647,14 +652,19 @@ public abstract class AbstractBindingBuilder extends 
AbstractCommonBindingHandle
 
 Document doc = 
assertionWrapper.getElement().getOwnerDocument();
 boolean saml1 = assertionWrapper.getSaml1() != null;
-// TODO We only support using a KeyIdentifier for the moment
-SecurityTokenReference secRef = 
-createSTRForSamlAssertion(doc, assertionWrapper.getId(), 
saml1, false);
-Element clone = cloneElement(secRef.getElement());
-addSupportingElement(clone);
-part = new WSEncryptionPart("STRTransform", null, "Element");
-part.setId(secRef.getID());
-part.setElement(clone);
+if (useSTRTransform) {
+// TODO We only support using a KeyIdentifier for the 
moment
+SecurityTokenReference secRef = 
+createSTRForSamlAssertion(doc, 
assertionWrapper.getId(), saml1, false);
+Element clone = cloneElement(secRef.getElement());
+addSupportingElement(clone);
+part = new WSEncryptionPart("STRTransform", null, 
"Element");
+part.setId(secRef.getID());
+part.setElement(clone);
+} else {
+   

[1/2] cxf git commit: Recording .gitmergeinfo Changes

2016-01-11 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 25f1d6d7f -> 50ec664ed


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/50ec664e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/50ec664e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/50ec664e

Branch: refs/heads/3.0.x-fixes
Commit: 50ec664ed2790588a10e048fabf7bbfb7e5f859b
Parents: 4636266
Author: Colm O hEigeartaigh 
Authored: Mon Jan 11 16:58:45 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 11 16:58:45 2016 +

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/50ec664e/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index a3af64b..4fad3d9 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -705,6 +705,7 @@ M 5e97d1e29e85d80f0679748cc4df0d8e0647ee16
 M 5fbe7b49b88deff15f755c15f5a4c421943acc4f
 M 6106f469f5ae311edf2f7de12038822bc03dc073
 M 6129ec5f6735a986660a2d05c6b3b0c9230610d9
+M 621e9cc86027ff94330c13b8bcf28c95466cf6c9
 M 6292346fb110f0517b791f91d03fd2515d575388
 M 62d70e977895ae06494730d4f4f04282f0bbeb9e
 M 64368a5ddad507fa5d7016cbd07f3e9b5b5fd594



[2/2] cxf git commit: [CXF-6735] - Add a configuration option to disable the STR Transform

2016-01-11 Thread coheigea
[CXF-6735] - Add a configuration option to disable the STR Transform


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/46362669
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/46362669
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/46362669

Branch: refs/heads/3.0.x-fixes
Commit: 463626698e399b36555a9ca35240f278bfb40153
Parents: 25f1d6d
Author: Colm O hEigeartaigh 
Authored: Mon Jan 11 16:49:38 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 11 16:58:45 2016 +

--
 .../cxf/ws/security/SecurityConstants.java  |  7 +++
 .../policyhandlers/AbstractBindingBuilder.java  | 45 +---
 .../X509SymmetricBindingTest.java   | 38 +
 3 files changed, 75 insertions(+), 15 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/46362669/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index 286eccb..383369c 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -264,6 +264,13 @@ public final class SecurityConstants {
  */
 public static final String 
USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM = 
 "ws-security.swa.encryption.attachment.transform.content";
+
+/**
+ * Whether to use the STR (Security Token Reference) Transform when 
(externally) signing a SAML Token.
+ * The default is true. Some frameworks cannot handle processing the 
SecurityTokenReference is created,
+ * hence set this configuration option to "false" in this case.
+ */
+public static final String USE_STR_TRANSFORM = 
"ws-security.use.str.transform";
 
 //
 // Non-boolean WS-Security Configuration parameters

http://git-wip-us.apache.org/repos/asf/cxf/blob/46362669/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 2712d60..4d33fc7 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -605,6 +605,11 @@ public abstract class AbstractBindingBuilder extends 
AbstractCommonBindingHandle
 protected void addSignatureParts(List tokenList,
List sigParts) {
 
+boolean useSTRTransform = 
+MessageUtils.getContextualBoolean(
+message, SecurityConstants.USE_STR_TRANSFORM, true
+);
+
 for (SupportingToken supportingToken : tokenList) {
 
 Object tempTok = supportingToken.getTokenImplementation();
@@ -642,14 +647,19 @@ public abstract class AbstractBindingBuilder extends 
AbstractCommonBindingHandle
 
 Document doc = 
assertionWrapper.getElement().getOwnerDocument();
 boolean saml1 = assertionWrapper.getSaml1() != null;
-// TODO We only support using a KeyIdentifier for the moment
-SecurityTokenReference secRef = 
-createSTRForSamlAssertion(doc, assertionWrapper.getId(), 
saml1, false);
-Element clone = cloneElement(secRef.getElement());
-addSupportingElement(clone);
-part = new WSEncryptionPart("STRTransform", null, "Element");
-part.setId(secRef.getID());
-part.setElement(clone);
+if (useSTRTransform) {
+// TODO We only support using a KeyIdentifier for the 
moment
+SecurityTokenReference secRef = 
+createSTRForSamlAssertion(doc, 
assertionWrapper.getId(), saml1, false);
+Element clone = cloneElement(secRef.getElement());
+addSupportingElement(clone);
+part = new WSEncryptionPart("STRTransform", null, 
"Element");
+part.setId(secRef.getID());
+part.setElement(clone);
+} else {
+part = new WSEncryptionPart(assertionWrapper.getId());
+ 

cxf-fediz git commit: Adding a test

2016-01-11 Thread coheigea
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 256a8599b -> db74b690c


Adding a test


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/db74b690
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/db74b690
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/db74b690

Branch: refs/heads/master
Commit: db74b690ce3421efa81a0ecd1919e64e937741f8
Parents: 256a859
Author: Colm O hEigeartaigh 
Authored: Mon Jan 11 16:19:47 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 11 16:19:47 2016 +

--
 .../core/federation/FederationResponseTest.java | 35 
 .../src/test/resources/fediz_test_config.xml| 31 +
 2 files changed, 66 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/db74b690/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
--
diff --git 
a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
 
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
index 125a2ec..d6d97f8 100644
--- 
a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
+++ 
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
@@ -1572,6 +1572,41 @@ public class FederationResponseTest {
 }
 }
 
+@org.junit.Test
+public void testUnableToFindTruststore() throws Exception {
+SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
+callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+callbackHandler.setIssuer(TEST_RSTR_ISSUER);
+callbackHandler.setSubjectName(TEST_USER);
+ConditionsBean cp = new ConditionsBean();
+AudienceRestrictionBean audienceRestriction = new 
AudienceRestrictionBean();
+audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
+
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
+callbackHandler.setConditions(cp);
+
+SAMLCallback samlCallback = new SAMLCallback();
+SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+SamlAssertionWrapper assertion = new 
SamlAssertionWrapper(samlCallback);
+String rstr = createSamlToken(assertion, "mystskey", true);
+
+FedizRequest wfReq = new FedizRequest();
+wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+wfReq.setResponseToken(rstr);
+
+configurator = null;
+FedizContext config = 
getFederationConfigurator().getFedizContext("BAD_KEYSTORE");
+
+FedizProcessor wfProc = new FederationProcessorImpl();
+try {
+wfProc.processRequest(wfReq, config);
+fail("Failure expected on being unable to find the truststore");
+} catch (ProcessingException ex) {
+ex.printStackTrace();
+// expected
+}
+}
+
 private String encryptAndSignToken(
 SamlAssertionWrapper assertion
 ) throws Exception {
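Review bot: The `catch (ProcessingException ex)` block in `testUnableToFindTruststore` accepts any ProcessingException, so the test also passes when the sign-in response is rejected for a reason unrelated to the truststore. Replace `ex.printStackTrace();` with a comment such as `// expected: the truststore could not be loaded`, followed by a check of `ex.getType()` or of the message. The value to compare against is whatever FederationProcessorImpl raises for the "BAD_KEYSTORE" context, which is not visible in this hunk and needs confirming. Dropping the stack-trace print also keeps an expected failure out of the build log. The same applies to the identical hunk in the 1.2.x-fixes commit 270f25a7 further down the page.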

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/db74b690/plugins/core/src/test/resources/fediz_test_config.xml
--
diff --git a/plugins/core/src/test/resources/fediz_test_config.xml 
b/plugins/core/src/test/resources/fediz_test_config.xml
index 0feb9b9..82d1a3a 100644
--- a/plugins/core/src/test/resources/fediz_test_config.xml
+++ b/plugins/core/src/test/resources/fediz_test_config.xml
@@ -345,4 +345,35 @@



+   
+   
+   http://host_one:port/url
+   
+   
+   
+   
+
+   
+   
+   
+   
+
+   1000
+   http://www.w3.org/2001/XMLSchema-instance;
+   xsi:type="federationProtocolType" version="1.2">
+   target realm
+   http://url_to_the_issuer
+   ;
+   
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role
+   
+   1
+   reply value
+   REQUEST
+   
+   
+   
+   
+   
+   
 



cxf-fediz git commit: Adding a test

2016-01-11 Thread coheigea
Repository: cxf-fediz
Updated Branches:
  refs/heads/1.2.x-fixes f4d00969f -> 270f25a77


Adding a test


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/270f25a7
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/270f25a7
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/270f25a7

Branch: refs/heads/1.2.x-fixes
Commit: 270f25a77983d6cd1413842120c19853a4e2d15d
Parents: f4d0096
Author: Colm O hEigeartaigh 
Authored: Mon Jan 11 16:19:47 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 11 16:21:03 2016 +

--
 .../core/federation/FederationResponseTest.java | 35 
 .../src/test/resources/fediz_test_config.xml| 31 +
 2 files changed, 66 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/270f25a7/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
--
diff --git 
a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
 
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
index c833d0e..3ce3553 100644
--- 
a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
+++ 
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
@@ -1572,6 +1572,41 @@ public class FederationResponseTest {
 }
 }
 
+@org.junit.Test
+public void testUnableToFindTruststore() throws Exception {
+SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
+callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+callbackHandler.setIssuer(TEST_RSTR_ISSUER);
+callbackHandler.setSubjectName(TEST_USER);
+ConditionsBean cp = new ConditionsBean();
+AudienceRestrictionBean audienceRestriction = new 
AudienceRestrictionBean();
+audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
+
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
+callbackHandler.setConditions(cp);
+
+SAMLCallback samlCallback = new SAMLCallback();
+SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+SamlAssertionWrapper assertion = new 
SamlAssertionWrapper(samlCallback);
+String rstr = createSamlToken(assertion, "mystskey", true);
+
+FedizRequest wfReq = new FedizRequest();
+wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+wfReq.setResponseToken(rstr);
+
+configurator = null;
+FedizContext config = 
getFederationConfigurator().getFedizContext("BAD_KEYSTORE");
+
+FedizProcessor wfProc = new FederationProcessorImpl();
+try {
+wfProc.processRequest(wfReq, config);
+fail("Failure expected on being unable to find the truststore");
+} catch (ProcessingException ex) {
+ex.printStackTrace();
+// expected
+}
+}
+
 private String encryptAndSignToken(
 SamlAssertionWrapper assertion
 ) throws Exception {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/270f25a7/plugins/core/src/test/resources/fediz_test_config.xml
--
diff --git a/plugins/core/src/test/resources/fediz_test_config.xml 
b/plugins/core/src/test/resources/fediz_test_config.xml
index 0feb9b9..82d1a3a 100644
--- a/plugins/core/src/test/resources/fediz_test_config.xml
+++ b/plugins/core/src/test/resources/fediz_test_config.xml
@@ -345,4 +345,35 @@



+   
+   
+   http://host_one:port/url
+   
+   
+   
+   
+
+   
+   
+   
+   
+
+   1000
+   http://www.w3.org/2001/XMLSchema-instance;
+   xsi:type="federationProtocolType" version="1.2">
+   target realm
+   http://url_to_the_issuer
+   ;
+   
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role
+   
+   1
+   reply value
+   REQUEST
+   
+   
+   
+   
+   
+   
 



cxf git commit: [CXF-6735] - Add a configuration option to disable the STR Transform

2016-01-11 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/master 98aee1f31 -> 171c91631


[CXF-6735] - Add a configuration option to disable the STR Transform


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/171c9163
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/171c9163
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/171c9163

Branch: refs/heads/master
Commit: 171c916311d4e1a051993465afbb11c2a3e17dac
Parents: 98aee1f
Author: Colm O hEigeartaigh 
Authored: Mon Jan 11 16:49:38 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 11 16:49:38 2016 +

--
 .../cxf/ws/security/SecurityConstants.java  |  7 +++
 .../policyhandlers/AbstractBindingBuilder.java  | 45 +---
 .../X509SymmetricBindingTest.java   | 38 +
 3 files changed, 75 insertions(+), 15 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/171c9163/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index c88a4ec..f9ebaba 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -132,6 +132,13 @@ public final class SecurityConstants extends 
org.apache.cxf.rt.security.Security
  */
 public static final String 
USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM = 
 "ws-security.swa.encryption.attachment.transform.content";
+
+/**
+ * Whether to use the STR (Security Token Reference) Transform when 
(externally) signing a SAML Token.
+ * The default is true. Some frameworks cannot handle processing the 
SecurityTokenReference is created,
+ * hence set this configuration option to "false" in this case.
+ */
+public static final String USE_STR_TRANSFORM = 
"ws-security.use.str.transform";
 
 //
 // Non-boolean WS-Security Configuration parameters
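Review bot: The second Javadoc sentence on `USE_STR_TRANSFORM`, "Some frameworks cannot handle processing the SecurityTokenReference is created", does not parse, and the comment never says what is signed once the option is off. Suggested wording: `Some frameworks cannot process the SecurityTokenReference that is created for the transform; set this option to "false" in that case.` A further sentence stating what the signature references instead would help a deployer judge the effect of the switch. The copy of the AbstractBindingBuilder change earlier on this page suggests the assertion is then referenced by its Id, but that should be confirmed against the full else branch.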

http://git-wip-us.apache.org/repos/asf/cxf/blob/171c9163/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 815cb8f..4d2f2c5 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -610,6 +610,11 @@ public abstract class AbstractBindingBuilder extends 
AbstractCommonBindingHandle
 
 protected void addSignatureParts(List tokenList, 
List sigParts) {
 
+boolean useSTRTransform = 
+MessageUtils.getContextualBoolean(
+message, SecurityConstants.USE_STR_TRANSFORM, true
+);
+
 for (SupportingToken supportingToken : tokenList) {
 
 Object tempTok = supportingToken.getTokenImplementation();
@@ -647,14 +652,19 @@ public abstract class AbstractBindingBuilder extends 
AbstractCommonBindingHandle
 
 Document doc = 
assertionWrapper.getElement().getOwnerDocument();
 boolean saml1 = assertionWrapper.getSaml1() != null;
-// TODO We only support using a KeyIdentifier for the moment
-SecurityTokenReference secRef = 
-createSTRForSamlAssertion(doc, assertionWrapper.getId(), 
saml1, false);
-Element clone = cloneElement(secRef.getElement());
-addSupportingElement(clone);
-part = new WSEncryptionPart("STRTransform", null, "Element");
-part.setId(secRef.getID());
-part.setElement(clone);
+if (useSTRTransform) {
+// TODO We only support using a KeyIdentifier for the 
moment
+SecurityTokenReference secRef = 
+createSTRForSamlAssertion(doc, 
assertionWrapper.getId(), saml1, false);
+Element clone = cloneElement(secRef.getElement());
+addSupportingElement(clone);
+part = new WSEncryptionPart("STRTransform", null, 
"Element");
+part.setId(secRef.getID());
+part.setElement(clone);
+} else {
+ 
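Review bot: `doc` and `saml1` are still computed ahead of the new `if (useSTRTransform)`, although the visible lines use them only in the `createSTRForSamlAssertion(...)` call inside it. Moving `Document doc = assertionWrapper.getElement().getOwnerDocument();` and `boolean saml1 = assertionWrapper.getSaml1() != null;` into that branch would keep the non-transform path free of unused locals. The else branch is cut off in this archived message; an earlier copy of the change on this page shows it as `part = new WSEncryptionPart(assertionWrapper.getId());`, which needs neither local. A short comment on that branch, for example `// No STR Transform: reference the assertion by its Id`, would make the difference between the two signing paths clear, assuming that is what the constructor does. addSignatureParts starts and ends outside this hunk.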

svn commit: r977497 - in /websites/production/cxf/content: cache/docs.pageCache docs/ws-securitypolicy.html

2016-01-11 Thread buildbot
Author: buildbot
Date: Mon Jan 11 17:47:35 2016
New Revision: 977497

Log:
Production update by buildbot for cxf

Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/ws-securitypolicy.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/ws-securitypolicy.html
==
--- websites/production/cxf/content/docs/ws-securitypolicy.html (original)
+++ websites/production/cxf/content/docs/ws-securitypolicy.html Mon Jan 11 
17:47:35 2016
@@ -117,7 +117,7 @@ Apache CXF -- WS-SecurityPolicy
  


-WS-SecurityPolicyCXF 2.2 
introduced support for using http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/ws-securitypolicy.html;
 rel="nofollow">WS-SecurityPolicy to configure WSS4J instead of the custom 
configuration documented on the WS-Security page. However, all of the "background" 
material on the WS-Security page 
still applies and is important to know. WS-SecurityPolicy just provides an 
easier and more standards based way to configure and control the security 
requirements. With the security requirements documented in the WSDL as WS-Policy fragments, other tools such as 
.NET can easily know how to configure themselves to inter-operate with CXF 
services.CXF supports WS-SecurityPolicy versions 1.1 and later. It does
  not support WS-SecurityPolicy 1.0.Backwards 
compatibility configuration noteFrom Apache CXF 3.1.0, some of the 
WS-Security based configuration tags have been changed to just start with 
"security-". This is so that they can be shared with the JAX-RS XML Security component. Apart from 
the prefix change, the tags are exactly the same. Older "ws-security-" values 
continue to be accepted in CXF 3.1.0. See the Security Configuration page for 
information on the new shared configuration tags.Enabling 
WS-SecurityPolicyIn CXF 2.2, if the cxf-rt-ws-policy and 
cxf-rt-ws-security modules are available on the classpath, the 
WS-SecurityPolicy stuff is automatically enabled. Since the entire security 
runtime is policy driven, the only requirement is t
 hat the policy engine and security policies be available.If you are 
using the full "bundle" jar, all the security and policy stuff is already 
included.Policy 
descriptionWith WS-SecurityPolicy, the binding and/or operation in the 
wsdl references a WS-Policy fragment 
that describes the basic security requirements for interacting with that 
service. The http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/ws-securitypolicy.html;
 rel="nofollow">WS-SecurityPolicy specification allows for specifying 
things like asymmetric/symmetric keys, using transports (https) for encryption, 
which parts/headers to encrypt or sign, whether to sign then encrypt or encrypt 
then sign, whether to include timestamps, whether to use derived keys, etc... 
Basically, it describes what actions are necessary to securely interact with 
the service described in th
 e WSDL.However, the WS-SecurityPolicy fragment does not include 
"everything" that is required for a runtime to be able to able to create the 
messages. It does not describe things such as locations of key stores, user 
names and passwords, etc... Those need to be configured in at runtime to 
augment the WS-SecurityPolicy fragment.Configuring the extra 
propertiesThere are several extra properties that may need to be set to 
provide the additional bits of information to the runtime. Note that you should 
check that a particular property is supported in the version of CXF you are 
using. First, see the Security Configuration page for 
information on the configuration tags that are shared with the JAX-RS XML 
Security component. Here are configuration tags that only apply to the 
WS-SecurityPolicy layer, and hence all start with "ws-security" (as opposed to 
the commo
 n tags which now start with "security-").Boolean
 WS-Security configuration tags, e.g. the value should be "true" or 
"false".constantdefaultdefinitionws-security.validate.tokentrueWhether to validate the password of a received 
UsernameToken or not.ws-security.username-token.always.encryptedtr
 ueWhether to 
always encrypt UsernameTokens that are defined as a SupportingToken. This 
should not be set to false in a production environment, as it exposes the 
password (or the digest of the password) on the wire.ws-security.is-bsp-complianttrueWhether to ensure compliance with the Basic Security 
Profile (BSP) 1.1 or not.ws-security.self-sign-saml-assertionfalseWhether to self-sign a SAML Assertion or 
not. If this is set to true, then an enveloped signature will be generated when 
the SAML Assertion is constructed. Only applies up to CXF 2.7.x.ws-security.enable.nonce.cache(varies)Whether to cache UsernameToken nonces. See