buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4873 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4867 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4866 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4864 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4863 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
cxf git commit: Remove an un-used variable
Repository: cxf Updated Branches: refs/heads/master 1247e04ec -> 7dcfe81d4 Remove an un-used variable Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7dcfe81d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7dcfe81d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7dcfe81d Branch: refs/heads/master Commit: 7dcfe81d4b4cdbe65eb84cf00b857fd6f7315faf Parents: 1247e04 Author: Daniel Kulp Authored: Mon Jan 18 15:50:55 2016 -0500 Committer: Daniel Kulp Committed: Mon Jan 18 15:50:55 2016 -0500 -- .../org/apache/cxf/transport/http/AbstractHTTPDestination.java | 6 ++ 1 file changed, 2 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/7dcfe81d/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java -- diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java index d79e75b..11c48d2 100644 --- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java +++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java @@ -726,7 +726,7 @@ public abstract class AbstractHTTPDestination OutputStream os = message.getContent(OutputStream.class); if (os == null) { message.setContent(OutputStream.class, - new WrappedOutputStream(message, response)); + new WrappedOutputStream(message)); } } @@ -758,13 +758,11 @@ public abstract class AbstractHTTPDestination */ private class WrappedOutputStream extends AbstractWrappedOutputStream implements CopyingOutputStream { -protected HttpServletResponse response; private Message outMessage; -WrappedOutputStream(Message m, HttpServletResponse resp) { +WrappedOutputStream(Message m) { super(); this.outMessage = m; -response = resp; }
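Review bot: In the second hunk (-758,13 +758,11), once the response field and constructor parameter are gone, outMessage is the only state left in WrappedOutputStream and the visible constructor assigns it exactly once. If nothing else in the class reassigns it, declare it "private final Message outMessage;" so the compiler enforces that.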
cxf git commit: [CXF-6749] When using a servlet, attempt to remove the temp dir hook when the servlet is destroyed to prevent a classloader leak. This is an attempt only and not guaranteed to work.
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes f976a73c4 -> e90072c74 [CXF-6749] When using a servlet, attempt to remove the temp dir hook when the servlet is destroyed to prevent a classloader leak. This is an attmempt only and not guaranteed to work. Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e90072c7 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e90072c7 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e90072c7 Branch: refs/heads/3.0.x-fixes Commit: e90072c7491745f8b76f6e759f660aeb3930a1e9 Parents: f976a73 Author: Daniel Kulp Authored: Mon Jan 18 14:05:58 2016 -0500 Committer: Daniel Kulp Committed: Mon Jan 18 14:22:04 2016 -0500 -- .../java/org/apache/cxf/helpers/FileUtils.java | 63 .../transport/servlet/AbstractHTTPServlet.java | 5 ++ .../transport/servlet/CXFNonSpringServlet.java | 1 + 3 files changed, 59 insertions(+), 10 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/e90072c7/core/src/main/java/org/apache/cxf/helpers/FileUtils.java -- diff --git a/core/src/main/java/org/apache/cxf/helpers/FileUtils.java b/core/src/main/java/org/apache/cxf/helpers/FileUtils.java index 82444d1..a8d3fa5 100644 --- a/core/src/main/java/org/apache/cxf/helpers/FileUtils.java +++ b/core/src/main/java/org/apache/cxf/helpers/FileUtils.java @@ -38,6 +38,7 @@ import org.apache.cxf.common.util.SystemPropertyAction; public final class FileUtils { private static final int RETRY_SLEEP_MILLIS = 10; private static File defaultTempDir; +private static Thread shutdownHook; private static final char[] ILLEGAL_CHARACTERS = {'/', '\n', '\r', '\t', '\0', '\f', '`', '?', '*', '\\', '<', '>', '|', '\"', ':'}; 
@@ -84,13 +85,51 @@ public final class FileUtils { } } if (defaultTempDir == null) { -defaultTempDir = createTmpDir(); +defaultTempDir = createTmpDir(false); +if (shutdownHook != null) { +Runtime.getRuntime().removeShutdownHook(shutdownHook); +} +shutdownHook = new Thread() { +@Override +public void run() { +removeDir(defaultTempDir, true); +} +}; +Runtime.getRuntime().addShutdownHook(shutdownHook); + } return defaultTempDir; } +public static synchronized void maybeDeleteDefaultTempDir() { +if (defaultTempDir != null) { +Runtime.getRuntime().gc(); // attempt a garbage collect to close any files +String files[] = defaultTempDir.list(); +if (files != null && files.length > 0) { +//there are files in there, we need to attempt some more cleanup + +//HOWEVER, we don't want to just wipe out every file as something may be holding onto +//the files for a reason. We'll re-run the gc and run the finalizers to see if +//anything gets cleaned up. +Runtime.getRuntime().gc(); // attempt a garbage collect to close any files +Runtime.getRuntime().runFinalization(); +Runtime.getRuntime().gc(); +files = defaultTempDir.list(); +} +if (files == null || files.length == 0) { +//all the files are gone, we can remove the shutdownhook and reset +Runtime.getRuntime().removeShutdownHook(shutdownHook); +shutdownHook.run(); +shutdownHook = null; +defaultTempDir = null; +} +} +} + public static File createTmpDir() { -int x = (int)(Math.random() * 100); +return createTmpDir(true); +} +public static File createTmpDir(boolean addHook) { String s = SystemPropertyAction.getProperty("java.io.tmpdir"); File checkExists = new File(s); if (!checkExists.exists() || !checkExists.isDirectory()) { @@ -110,6 +149,8 @@ public final class FileUtils { + "little usable temporary space. Operations" + " requiring temporary files may fail."); } + +int x = (int)(Math.random() * 100); File f = new File(checkExists, "cxf-tmp-" + x); int count = 0; while (!f.mkdir()) { 
@@ -124,14 +165,16 @@ public final class FileUtils { count++; } File newTmpDir = f; -final File f2 = f; -Thread hook = new Thread() { -@Override -public void run() { -
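Review bot: The hunk at -110,6 +149,8 in FileUtils.java only moves "int x = (int)(Math.random() * 100);", so the directory is still named "cxf-tmp-" + x with 100 possible values under the shared java.io.tmpdir and is created by f.mkdir() with default permissions. Another local user can pre-create all 100 names so the while (!f.mkdir()) loop has to fall back, and anything written to the directory is readable under the process umask. Suggest drawing the suffix from java.security.SecureRandom over a much larger range and restricting the directory to its owner after creation, or using java.nio.file.Files.createTempDirectory if this branch's minimum Java version allows it.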
cxf git commit: [CXF-6749] When using a servlet, attempt to remove the temp dir hook when the servlet is destroyed to prevent a classloader leak. This is an attempt only and not guaranteed to work. A
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes fada1bbc7 -> c090a8163 [CXF-6749] When using a servlet, attempt to remove the temp dir hook when the servlet is destroyed to prevent a classloader leak. This is an attmempt only and not guaranteed to work. Also use java7 nio2 methods for temp files Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c090a816 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c090a816 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c090a816 Branch: refs/heads/3.1.x-fixes Commit: c090a8163c047bf3c89757afdf9bcbb7107b0818 Parents: fada1bb Author: Daniel Kulp Authored: Mon Jan 18 14:05:58 2016 -0500 Committer: Daniel Kulp Committed: Mon Jan 18 14:17:27 2016 -0500 -- .../java/org/apache/cxf/helpers/FileUtils.java | 99 +++- .../transport/servlet/AbstractHTTPServlet.java | 5 + .../transport/servlet/CXFNonSpringServlet.java | 1 + 3 files changed, 82 insertions(+), 23 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/c090a816/core/src/main/java/org/apache/cxf/helpers/FileUtils.java -- diff --git a/core/src/main/java/org/apache/cxf/helpers/FileUtils.java b/core/src/main/java/org/apache/cxf/helpers/FileUtils.java index 773b821..59632e5 100644 --- a/core/src/main/java/org/apache/cxf/helpers/FileUtils.java +++ b/core/src/main/java/org/apache/cxf/helpers/FileUtils.java @@ -26,6 +26,8 @@ import java.io.FileReader; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; +import java.nio.file.Files; +import java.nio.file.Path; import java.util.ArrayList; import java.util.List; import java.util.Locale; 
@@ -38,6 +40,7 @@ import org.apache.cxf.common.util.SystemPropertyAction; public final class FileUtils { private static final int RETRY_SLEEP_MILLIS = 10; private static File defaultTempDir; +private static Thread shutdownHook; private static final char[] ILLEGAL_CHARACTERS = {'/', '\n', '\r', '\t', '\0', '\f', '`', '?', '*', '\\', '<', '>', '|', '\"', ':'}; 
@@ -84,13 +87,51 @@ public final class FileUtils { } } if (defaultTempDir == null) { -defaultTempDir = createTmpDir(); +defaultTempDir = createTmpDir(false); +if (shutdownHook != null) { +Runtime.getRuntime().removeShutdownHook(shutdownHook); +} +shutdownHook = new Thread() { +@Override +public void run() { +removeDir(defaultTempDir, true); +} +}; +Runtime.getRuntime().addShutdownHook(shutdownHook); + } return defaultTempDir; } +public static synchronized void maybeDeleteDefaultTempDir() { +if (defaultTempDir != null) { +Runtime.getRuntime().gc(); // attempt a garbage collect to close any files +String files[] = defaultTempDir.list(); +if (files != null && files.length > 0) { +//there are files in there, we need to attempt some more cleanup + +//HOWEVER, we don't want to just wipe out every file as something may be holding onto +//the files for a reason. We'll re-run the gc and run the finalizers to see if +//anything gets cleaned up. +Runtime.getRuntime().gc(); // attempt a garbage collect to close any files +Runtime.getRuntime().runFinalization(); +Runtime.getRuntime().gc(); +files = defaultTempDir.list(); +} +if (files == null || files.length == 0) { +//all the files are gone, we can remove the shutdownhook and reset +Runtime.getRuntime().removeShutdownHook(shutdownHook); +shutdownHook.run(); +shutdownHook = null; +defaultTempDir = null; +} +} +} + public static File createTmpDir() { -int x = (int)(Math.random() * 100); +return createTmpDir(true); +} +public static File createTmpDir(boolean addHook) { String s = SystemPropertyAction.getProperty("java.io.tmpdir"); File checkExists = new File(s); if (!checkExists.exists() || !checkExists.isDirectory()) { @@ -110,28 +151,40 @@ public final class FileUtils { + "little usable temporary space. Operations" + " requiring temporary files may fail."); } -File f = new File(checkExists, "cxf-tmp-" + x); -int count = 0; -
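Review bot: In maybeDeleteDefaultTempDir() (hunk -84,13 +87,51), shutdownHook is dereferenced without a null check, but it is only assigned inside the "if (defaultTempDir == null)" branch. If the code above that branch, of which only the closing braces are visible here, has already set defaultTempDir, the hook is still null and "Runtime.getRuntime().removeShutdownHook(shutdownHook);" throws NullPointerException during servlet destroy. removeShutdownHook also throws IllegalStateException when the JVM is already shutting down. Suggest guarding with "if (shutdownHook != null)" and catching IllegalStateException, and resetting defaultTempDir only when this class created the directory itself.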
cxf git commit: [CXF-6749] When using a servlet, attempt to remove the temp dir hook when the servlet is destroyed to prevent a classloader leak. This is an attempt only and not guaranteed to work. A
Repository: cxf Updated Branches: refs/heads/master 6cc93fb07 -> 1247e04ec [CXF-6749] When using a servlet, attempt to remove the temp dir hook when the servlet is destroyed to prevent a classloader leak. This is an attmempt only and not guaranteed to work. Also use java7 nio2 methods for temp files Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1247e04e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1247e04e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1247e04e Branch: refs/heads/master Commit: 1247e04ec9c7472b136b4c5b58ea99324585984e Parents: 6cc93fb Author: Daniel Kulp Authored: Mon Jan 18 14:05:58 2016 -0500 Committer: Daniel Kulp Committed: Mon Jan 18 14:07:34 2016 -0500 -- .../java/org/apache/cxf/helpers/FileUtils.java | 99 +++- .../transport/servlet/AbstractHTTPServlet.java | 5 + .../transport/servlet/CXFNonSpringServlet.java | 1 + 3 files changed, 82 insertions(+), 23 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/1247e04e/core/src/main/java/org/apache/cxf/helpers/FileUtils.java -- diff --git a/core/src/main/java/org/apache/cxf/helpers/FileUtils.java b/core/src/main/java/org/apache/cxf/helpers/FileUtils.java index 773b821..59632e5 100644 --- a/core/src/main/java/org/apache/cxf/helpers/FileUtils.java +++ b/core/src/main/java/org/apache/cxf/helpers/FileUtils.java @@ -26,6 +26,8 @@ import java.io.FileReader; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; +import java.nio.file.Files; +import java.nio.file.Path; import java.util.ArrayList; import java.util.List; import java.util.Locale; 
@@ -38,6 +40,7 @@ import org.apache.cxf.common.util.SystemPropertyAction; public final class FileUtils { private static final int RETRY_SLEEP_MILLIS = 10; private static File defaultTempDir; +private static Thread shutdownHook; private static final char[] ILLEGAL_CHARACTERS = {'/', '\n', '\r', '\t', '\0', '\f', '`', '?', '*', '\\', '<', '>', '|', '\"', ':'}; 
@@ -84,13 +87,51 @@ public final class FileUtils { } } if (defaultTempDir == null) { -defaultTempDir = createTmpDir(); +defaultTempDir = createTmpDir(false); +if (shutdownHook != null) { +Runtime.getRuntime().removeShutdownHook(shutdownHook); +} +shutdownHook = new Thread() { +@Override +public void run() { +removeDir(defaultTempDir, true); +} +}; +Runtime.getRuntime().addShutdownHook(shutdownHook); + } return defaultTempDir; } +public static synchronized void maybeDeleteDefaultTempDir() { +if (defaultTempDir != null) { +Runtime.getRuntime().gc(); // attempt a garbage collect to close any files +String files[] = defaultTempDir.list(); +if (files != null && files.length > 0) { +//there are files in there, we need to attempt some more cleanup + +//HOWEVER, we don't want to just wipe out every file as something may be holding onto +//the files for a reason. We'll re-run the gc and run the finalizers to see if +//anything gets cleaned up. +Runtime.getRuntime().gc(); // attempt a garbage collect to close any files +Runtime.getRuntime().runFinalization(); +Runtime.getRuntime().gc(); +files = defaultTempDir.list(); +} +if (files == null || files.length == 0) { +//all the files are gone, we can remove the shutdownhook and reset +Runtime.getRuntime().removeShutdownHook(shutdownHook); +shutdownHook.run(); +shutdownHook = null; +defaultTempDir = null; +} +} +} + public static File createTmpDir() { -int x = (int)(Math.random() * 100); +return createTmpDir(true); +} +public static File createTmpDir(boolean addHook) { String s = SystemPropertyAction.getProperty("java.io.tmpdir"); File checkExists = new File(s); if (!checkExists.exists() || !checkExists.isDirectory()) { @@ -110,28 +151,40 @@ public final class FileUtils { + "little usable temporary space. Operations" + " requiring temporary files may fail."); } -File f = new File(checkExists, "cxf-tmp-" + x); -int count = 0; -while
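Review bot: maybeDeleteDefaultTempDir() (hunk -84,13 +87,51) relies on up to three Runtime.getRuntime().gc() calls plus runFinalization() to release open files, all while holding the class lock in a synchronized static method. On a JVM started with -XX:+DisableExplicitGC those gc() calls do nothing, so the directory stays non-empty, the hook is never removed and the classloader leak remains with no indication why. Suggest logging at FINE or WARNING level when files are still present after the retries, and adding Javadoc to this new public method and to createTmpDir(boolean addHook) stating that a caller passing false becomes responsible for cleanup.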
buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4860 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4859 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
[1/2] cxf-fediz git commit: Some test reshuffling
Repository: cxf-fediz Updated Branches: refs/heads/1.2.x-fixes 85258b076 -> 7584a0c30 Some test reshuffling Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/06d062b6 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/06d062b6 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/06d062b6 Branch: refs/heads/1.2.x-fixes Commit: 06d062b6939cabdfe5275bbfe84337d37a9e8bd3 Parents: 85258b0 Author: Colm O hEigeartaigh Authored: Mon Jan 18 17:09:49 2016 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 17:28:27 2016 + -- systests/cxf/pom.xml| 1 + .../apache/cxf/fediz/systests/idp/IdpTest.java | 4 +- systests/jetty8/pom.xml | 1 + systests/spring/pom.xml | 1 + .../cxf/fediz/integrationtests/Spring2Test.java | 7 + .../fediz/integrationtests/AbstractTests.java | 54 systests/tests/src/test/resources/entity.xml| 25 ++ systests/tomcat7/pom.xml| 1 + .../EntityExpansionAttackTest.java | 247 --- systests/tomcat7/src/test/resources/entity.xml | 25 -- 10 files changed, 91 insertions(+), 275 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/06d062b6/systests/cxf/pom.xml -- diff --git a/systests/cxf/pom.xml b/systests/cxf/pom.xml index 2df0611..3052d4b 100644 --- a/systests/cxf/pom.xml +++ b/systests/cxf/pom.xml @@ -92,6 +92,7 @@ ${project.version} test-jar test +tests org.apache.tomcat.embed http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/06d062b6/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java -- diff --git a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java index f9948f5..3a70ca9 100644 --- a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java +++ b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java 
@@ -20,7 +20,6 @@ package org.apache.cxf.fediz.systests.idp; import java.io.File; -import java.io.FileInputStream; import java.net.URLEncoder; import org.w3c.dom.Document; @@ -286,8 +285,7 @@ public class IdpTest { String wreply = "https://localhost:"; + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; url += "&wreply=" + wreply; -FileInputStream is = new FileInputStream("src/test/resources/entity_wreq.xml"); -String entity = IOUtils.toString(is); +String entity = IOUtils.toString(this.getClass().getClassLoader().getResource("entity_wreq.xml").openStream()); String validWreq = "http://docs.oasis-open.org/ws-sx/ws-trust/200512\";>" + "&m;http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/06d062b6/systests/jetty8/pom.xml -- diff --git a/systests/jetty8/pom.xml b/systests/jetty8/pom.xml index bf1e594..ba774a4 100644 --- a/systests/jetty8/pom.xml +++ b/systests/jetty8/pom.xml @@ -80,6 +80,7 @@ ${project.version} test-jar test +tests org.slf4j http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/06d062b6/systests/spring/pom.xml -- diff --git a/systests/spring/pom.xml b/systests/spring/pom.xml index 23f89bd..1d9e457 100644 --- a/systests/spring/pom.xml +++ b/systests/spring/pom.xml @@ -92,6 +92,7 @@ ${project.version} test-jar test +tests org.hsqldb http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/06d062b6/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java -- diff --git a/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java index 3bb2aa5..ed1acfe 100644 --- a/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java +++ b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java 
@@ -107,4 +107,11 @@ public class Spring2Test extends AbstractTests { public void testRPLogout() throws Exception { } + +@Overr
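Review bot: In the IdpTest.java hunk (-286,8 +285,7), the stream returned by getResource("entity_wreq.xml").openStream() is passed straight into IOUtils.toString(...) and never closed, the same leak the removed FileInputStream had. Suggest getResourceAsStream("entity_wreq.xml") in a try/finally (or try-with-resources if the branch's Java level allows) so the test does not leave the handle open when an assertion later in the method fails.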
[2/2] cxf-fediz git commit: Minor changes
Minor changes Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/7584a0c3 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/7584a0c3 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/7584a0c3 Branch: refs/heads/1.2.x-fixes Commit: 7584a0c30c9f8fddfff52560d8db884a73b00451 Parents: 06d062b Author: Colm O hEigeartaigh Authored: Mon Jan 18 17:26:35 2016 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 17:28:52 2016 + -- .../apache/cxf/fediz/integrationtests/AbstractTests.java| 9 ++--- 1 file changed, 2 insertions(+), 7 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7584a0c3/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java -- diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java index 3648f5e..c008556 100644 --- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java +++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java @@ -48,12 +48,7 @@ import org.junit.Assert; import org.junit.Test; public abstract class AbstractTests { - -static final String TEST_WREQ = -"http://docs.oasis-open.org/ws-sx/ws-trust/200512\";>" -+ "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV3.0" -+ ""; - + static { WSSConfig.init(); } @@ -626,7 +621,7 @@ public abstract class AbstractTests { @Test public void testEntityExpansionAttack() throws Exception { -String url = "https://localhost:"; + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet"; +String url = "https://localhost:"; + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; String user = "alice"; String password = "ecila";
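Review bot: The first hunk of AbstractTests.java (-48,12 +48,7) removes both blank lines around TEST_WREQ and adds one line back that differs from them only in whitespace, which is why this commit reports 2 insertions for what is otherwise a one-line change. Drop the trailing whitespace on the added line so the blank line before "static {" stays as unchanged context.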
[1/2] cxf-fediz git commit: Minor changes
Repository: cxf-fediz Updated Branches: refs/heads/master c330c42e1 -> 445e34089 Minor changes Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/445e3408 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/445e3408 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/445e3408 Branch: refs/heads/master Commit: 445e3408989e49c628e1ba6e8322a375273c2da9 Parents: ca84387 Author: Colm O hEigeartaigh Authored: Mon Jan 18 17:26:35 2016 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 17:26:46 2016 + -- .../org/apache/cxf/fediz/integrationtests/AbstractTests.java | 7 +-- 1 file changed, 1 insertion(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/445e3408/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java -- diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java index 05d7c1c..c9245e4 100644 --- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java +++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java @@ -49,11 +49,6 @@ import org.junit.Test; public abstract class AbstractTests { -static final String TEST_WREQ = -"http://docs.oasis-open.org/ws-sx/ws-trust/200512\";>" -+ "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV3.0" -+ ""; - static { WSSConfig.init(); } @@ -643,7 +638,7 @@ public abstract class AbstractTests { @Test public void testEntityExpansionAttack() throws Exception { -String url = "https://localhost:"; + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet"; +String url = "https://localhost:"; + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; String user = "alice"; String password = "ecila";
[2/2] cxf-fediz git commit: Some test reshuffling
Some test reshuffling Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/ca843877 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/ca843877 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/ca843877 Branch: refs/heads/master Commit: ca843877ff476d45a0981cef5f4bad34f6d738ce Parents: c330c42 Author: Colm O hEigeartaigh Authored: Mon Jan 18 17:09:49 2016 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 17:26:46 2016 + -- systests/cxf/pom.xml| 1 + .../apache/cxf/fediz/systests/idp/IdpTest.java | 4 +- systests/jetty8/pom.xml | 1 + systests/jetty9/pom.xml | 1 + systests/spring/pom.xml | 1 + .../cxf/fediz/integrationtests/Spring2Test.java | 8 +- .../fediz/integrationtests/AbstractTests.java | 57 + systests/tests/src/test/resources/entity.xml| 25 ++ systests/tomcat7/pom.xml| 1 + .../EntityExpansionAttackTest.java | 247 --- systests/tomcat7/src/test/resources/entity.xml | 25 -- systests/tomcat8/pom.xml| 1 + .../EntityExpansionAttackTest.java | 247 --- systests/tomcat8/src/test/resources/entity.xml | 25 -- 14 files changed, 96 insertions(+), 548 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ca843877/systests/cxf/pom.xml -- diff --git a/systests/cxf/pom.xml b/systests/cxf/pom.xml index 8d00ae0..c8cf93d 100644 --- a/systests/cxf/pom.xml +++ b/systests/cxf/pom.xml @@ -92,6 +92,7 @@ ${project.version} test-jar test +tests org.apache.tomcat.embed http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ca843877/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java -- diff --git a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java index 3947229..601d7c7 100644 --- a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java +++ b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java 
@@ -20,7 +20,6 @@ package org.apache.cxf.fediz.systests.idp; import java.io.File; -import java.io.FileInputStream; import java.net.URLEncoder; import org.w3c.dom.Document; @@ -294,8 +293,7 @@ public class IdpTest { String wreply = "https://localhost:"; + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; url += "&wreply=" + wreply; -FileInputStream is = new FileInputStream("src/test/resources/entity_wreq.xml"); -String entity = IOUtils.toString(is); +String entity = IOUtils.toString(this.getClass().getClassLoader().getResource("entity_wreq.xml").openStream()); String validWreq = "http://docs.oasis-open.org/ws-sx/ws-trust/200512\";>" + "&m;http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ca843877/systests/jetty8/pom.xml -- diff --git a/systests/jetty8/pom.xml b/systests/jetty8/pom.xml index 7d7badd..6d85a6e 100644 --- a/systests/jetty8/pom.xml +++ b/systests/jetty8/pom.xml @@ -80,6 +80,7 @@ ${project.version} test-jar test +tests org.slf4j http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ca843877/systests/jetty9/pom.xml -- diff --git a/systests/jetty9/pom.xml b/systests/jetty9/pom.xml index 5e2c126..80fa755 100644 --- a/systests/jetty9/pom.xml +++ b/systests/jetty9/pom.xml @@ -74,6 +74,7 @@ ${project.version} test-jar test +tests org.slf4j http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ca843877/systests/spring/pom.xml -- diff --git a/systests/spring/pom.xml b/systests/spring/pom.xml index 9cb2940..54ad159 100644 --- a/systests/spring/pom.xml +++ b/systests/spring/pom.xml @@ -88,6 +88,7 @@ ${project.version} test-jar test +tests org.hsqldb http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ca843877/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java --
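Review bot: In the IdpTest.java hunk (-294,8 +293,7), getClassLoader().getResource("entity_wreq.xml") returns null when the resource is not on the test classpath, and the chained .openStream() then fails with a bare NullPointerException. Since this commit moves test resources between modules and adds a classified test-jar dependency to each pom.xml, a missing resource is the likely failure mode; suggest assigning the URL to a local, calling Assert.assertNotNull on it with a message naming the file, and then opening the stream.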
cxf-fediz git commit: Optional support for the pre-registered scopes for clients
Repository: cxf-fediz Updated Branches: refs/heads/master 6b400f10a -> c330c42e1 Optional support for the pre-registered scopes for clients Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/c330c42e Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/c330c42e Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/c330c42e Branch: refs/heads/master Commit: c330c42e10d07c63291e898ef4de6d09b210a05c Parents: 6b400f1 Author: Sergey Beryozkin Authored: Mon Jan 18 17:11:21 2016 + Committer: Sergey Beryozkin Committed: Mon Jan 18 17:11:21 2016 + -- .../service/oidc/ClientRegistrationService.java | 12 +++- .../src/main/webapp/WEB-INF/applicationContext.xml | 6 ++ .../oidc/src/main/webapp/WEB-INF/data-manager.xml| 15 --- 3 files changed, 25 insertions(+), 8 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c330c42e/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java -- diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java index af0dc7f..66932eb 100644 --- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java +++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java @@ -19,6 +19,7 @@ package org.apache.cxf.fediz.service.oidc; +import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.HashSet; @@ -52,7 +53,8 @@ public class ClientRegistrationService { private OAuthDataManager manager; private Map homeRealms = new LinkedHashMap(); private boolean protectIdTokenWithClientSecret; - +private Map clientScopes; + @Context private SecurityContext sc; 
@@ -195,6 +197,10 @@ public class ClientRegistrationService { newClient.setRegisteredAt(System.currentTimeMillis() / 1000); +if (clientScopes != null && !clientScopes.isEmpty()) { +newClient.setRegisteredScopes(new ArrayList(clientScopes.keySet())); +} + return registerNewClient(newClient); } @@ -256,4 +262,8 @@ public class ClientRegistrationService { public void setProtectIdTokenWithClientSecret(boolean protectIdTokenWithClientSecret) { this.protectIdTokenWithClientSecret = protectIdTokenWithClientSecret; } + +public void setClientScopes(Map clientScopes) { +this.clientScopes = clientScopes; +} } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c330c42e/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml -- diff --git a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml index 9bdf677..baa2861 100644 --- a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml +++ b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml @@ -40,6 +40,9 @@ + @@ -91,6 +94,9 @@ + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c330c42e/services/oidc/src/main/webapp/WEB-INF/data-manager.xml -- diff --git a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml index da299c0..7804d38 100644 --- a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml +++ b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml @@ -19,9 +19,12 @@ --> http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; +xmlns:util="http://www.springframework.org/schema/util"; xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd +http://www.springframework.org/schema/util +http://www.springframework.org/schema/util/spring-util.xsd "> @@ -29,15 +32,13 @@ + + + + - +
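Review bot: In the ClientRegistrationService.java hunk at -195,6 +197,10, every newly registered client receives "new ArrayList(clientScopes.keySet())", that is, all configured scopes, whatever the registrant asked for. That makes the pre-registered list a ceiling that each client reaches by default rather than a set it is narrowed to. Suggest letting the registration request select a subset and rejecting names not present in clientScopes. Only the keys are used here, so setClientScopes(Map) also needs Javadoc stating what the map values hold, and it should store a copy instead of the caller's mutable instance.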
cxf-fediz git commit: [FEDIZ-145] Adding Swagger UI for REST API
Repository: cxf-fediz Updated Branches: refs/heads/master 33c86fc33 -> 6b400f10a [FEDIZ-145] Adding Swagger UI for REST API Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/6b400f10 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/6b400f10 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/6b400f10 Branch: refs/heads/master Commit: 6b400f10aaafdd0573bc9028c1a482f03e0ddfe2 Parents: 33c86fc Author: Jan Bernhardt Authored: Mon Jan 18 17:55:48 2016 +0100 Committer: Jan Bernhardt Committed: Mon Jan 18 18:02:47 2016 +0100 -- services/idp/pom.xml| 82 +- .../idp/src/main/webapp/WEB-INF/idp-servlet.xml | 3 + .../main/webapp/resources/swagger/index.html| 156 +++ 3 files changed, 235 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6b400f10/services/idp/pom.xml -- diff --git a/services/idp/pom.xml b/services/idp/pom.xml index baa33f1..c1fa70f 100644 --- a/services/idp/pom.xml +++ b/services/idp/pom.xml @@ -28,6 +28,11 @@ fediz-idp Apache Fediz IDP war + + +2.1.0 + + @@ -242,12 +247,6 @@ swagger-jaxrs 1.5.6 - - org.webjars - swagger-ui - 2.1.0 - provided - 
@@ -337,6 +336,77 @@ +org.apache.maven.plugins +maven-dependency-plugin + + +generate-resources + +unpack + + + + +org.webjars +swagger-ui +${swagger-ui.version} +true + ${project.build.directory}/swagger-ui +**/*.gz + + + + + + + +org.apache.maven.plugins +maven-resources-plugin + + +copy-swagger-resources-in-place +process-resources + +copy-resources + + + ${project.build.directory}/${project.build.finalName}/resources/swagger + + + ${project.build.directory}/swagger-ui/META-INF/resources/webjars/swagger-ui/${swagger-ui.version} + +index.html +swagger-ui.min.js + + + + + + + + +org.apache.maven.plugins +maven-antrun-plugin +true + + +addMatrixParamSupport +process-resources + +run + + + + + + + + + + org.codehaus.mojo build-helper-maven-plugin http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6b400f10/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml -- diff --git a/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml b/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml index 003969a..638a9c8 100644 --- a/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml +++ b/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml @@ -37,6 +37,9 @@ + + + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6b400f10/services/idp/src/main/webapp/resources/swagger/index.html -- diff --git a/services/idp/src/main/webapp/resources/swagger/index.html b/services/idp/src/main/webapp/resources/s
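Review bot: In the `@@ -337,6 +336,77 @@` hunk of services/idp/pom.xml, `copy-swagger-resources-in-place` and `addMatrixParamSupport` are both bound to `process-resources`, so the order in which they run is decided only by where the two plugins are declared in the POM. A one-line comment stating the required order, or binding one of them to a different phase, would keep a later reordering of the plugin list from silently changing what ends up in `resources/swagger`. The first hunk also moves the Swagger UI version into `swagger-ui.version` while `swagger-jaxrs` keeps the literal `1.5.6`; a property for that version would keep both in one place.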
cxf git commit: Making sure the pre-registered client scopes can be accumulated with the requested scopes
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 2cc284874 -> fada1bbc7 Making sure the pre-registered client scopes can be accumulated with the requested scopes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/fada1bbc Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/fada1bbc Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/fada1bbc Branch: refs/heads/3.1.x-fixes Commit: fada1bbc76067b5a1781bbd10773c2ff32571315 Parents: 2cc2848 Author: Sergey Beryozkin Authored: Mon Jan 18 16:52:44 2016 + Committer: Sergey Beryozkin Committed: Mon Jan 18 16:54:07 2016 + -- .../oauth2/grants/refresh/RefreshTokenGrantHandler.java | 6 ++ .../oauth2/services/DirectAuthorizationService.java | 6 ++ .../oauth2/services/RedirectionBasedGrantService.java | 8 +++- .../apache/cxf/rs/security/oauth2/utils/OAuthUtils.java | 12 +++- 4 files changed, 30 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/fada1bbc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java index f64394b..3553736 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java 
@@ -35,6 +35,7 @@ public class RefreshTokenGrantHandler implements AccessTokenGrantHandler { private OAuthDataProvider dataProvider; private boolean partialMatchScopeValidation; +private boolean useAllClientScopes; public void setDataProvider(OAuthDataProvider dataProvider) { this.dataProvider = dataProvider; @@ -49,6 +50,7 @@ public class RefreshTokenGrantHandler implements AccessTokenGrantHandler { String refreshToken = params.getFirst(OAuthConstants.REFRESH_TOKEN); List requestedScopes = OAuthUtils.getRequestedScopes(client, params.getFirst(OAuthConstants.SCOPE), +useAllClientScopes, partialMatchScopeValidation); return dataProvider.refreshAccessToken(client, refreshToken, requestedScopes); @@ -57,4 +59,8 @@ public class RefreshTokenGrantHandler implements AccessTokenGrantHandler { public void setPartialMatchScopeValidation(boolean partialMatchScopeValidation) { this.partialMatchScopeValidation = partialMatchScopeValidation; } + +public void setUseAllClientScopes(boolean useAllClientScopes) { +this.useAllClientScopes = useAllClientScopes; +} } http://git-wip-us.apache.org/repos/asf/cxf/blob/fada1bbc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java index 26212d8..f88a85a 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java 
@@ -45,6 +45,7 @@ import org.apache.cxf.security.SecurityContext; public class DirectAuthorizationService extends AbstractOAuthService { private SubjectCreator subjectCreator; private boolean partialMatchScopeValidation; +private boolean useAllClientScopes; @POST @Consumes("application/x-www-form-urlencoded") @Produces("text/html") @@ -62,6 +63,7 @@ public class DirectAuthorizationService extends AbstractOAuthService { String providedScope = params.getFirst(OAuthConstants.SCOPE); List requestedScope = OAuthUtils.getRequestedScopes(client, providedScope, + useAllClientScopes, partialMatchScopeValidation); reg.setRequestedScope(requestedScope);
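Review bot: In RefreshTokenGrantHandler the list built with `useAllClientScopes` goes straight into `dataProvider.refreshAccessToken(client, refreshToken, requestedScopes)`, so with the flag on, a refresh request can carry every scope pre-registered for the client rather than only what the request named. RFC 6749 section 6 says a refresh request must not include scope that was not originally granted, and these hunks leave that check entirely to the data provider. Please add Javadoc on `setUseAllClientScopes` stating that the flag defaults to false and that a provider used with it must still bound the result by the scopes of the original grant.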
cxf git commit: Making sure the pre-registered client scopes can be accumulated with the requested scopes
Repository: cxf Updated Branches: refs/heads/master 2d5bc09bd -> 6cc93fb07 Making sure the pre-registered client scopes can be accumulated with the requested scopes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6cc93fb0 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6cc93fb0 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6cc93fb0 Branch: refs/heads/master Commit: 6cc93fb07362027d09967932776821352d88b62b Parents: 2d5bc09 Author: Sergey Beryozkin Authored: Mon Jan 18 16:52:44 2016 + Committer: Sergey Beryozkin Committed: Mon Jan 18 16:52:44 2016 + -- .../oauth2/grants/refresh/RefreshTokenGrantHandler.java | 6 ++ .../oauth2/services/DirectAuthorizationService.java | 6 ++ .../oauth2/services/RedirectionBasedGrantService.java | 8 +++- .../apache/cxf/rs/security/oauth2/utils/OAuthUtils.java | 12 +++- 4 files changed, 30 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/6cc93fb0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java index f64394b..3553736 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java 
@@ -35,6 +35,7 @@ public class RefreshTokenGrantHandler implements AccessTokenGrantHandler { private OAuthDataProvider dataProvider; private boolean partialMatchScopeValidation; +private boolean useAllClientScopes; public void setDataProvider(OAuthDataProvider dataProvider) { this.dataProvider = dataProvider; @@ -49,6 +50,7 @@ public class RefreshTokenGrantHandler implements AccessTokenGrantHandler { String refreshToken = params.getFirst(OAuthConstants.REFRESH_TOKEN); List requestedScopes = OAuthUtils.getRequestedScopes(client, params.getFirst(OAuthConstants.SCOPE), +useAllClientScopes, partialMatchScopeValidation); return dataProvider.refreshAccessToken(client, refreshToken, requestedScopes); @@ -57,4 +59,8 @@ public class RefreshTokenGrantHandler implements AccessTokenGrantHandler { public void setPartialMatchScopeValidation(boolean partialMatchScopeValidation) { this.partialMatchScopeValidation = partialMatchScopeValidation; } + +public void setUseAllClientScopes(boolean useAllClientScopes) { +this.useAllClientScopes = useAllClientScopes; +} } http://git-wip-us.apache.org/repos/asf/cxf/blob/6cc93fb0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java index 26212d8..f88a85a 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java 
@@ -45,6 +45,7 @@ import org.apache.cxf.security.SecurityContext; public class DirectAuthorizationService extends AbstractOAuthService { private SubjectCreator subjectCreator; private boolean partialMatchScopeValidation; +private boolean useAllClientScopes; @POST @Consumes("application/x-www-form-urlencoded") @Produces("text/html") @@ -62,6 +63,7 @@ public class DirectAuthorizationService extends AbstractOAuthService { String providedScope = params.getFirst(OAuthConstants.SCOPE); List requestedScope = OAuthUtils.getRequestedScopes(client, providedScope, + useAllClientScopes, partialMatchScopeValidation); reg.setRequestedScope(requestedScope); @@ -1
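Review bot: `useAllClientScopes` is introduced as a separate field in RefreshTokenGrantHandler and again in DirectAuthorizationService (the diffstat lists RedirectionBasedGrantService as touched too), so a deployment has to set it consistently on every bean. Setting it on the authorization service but not on the refresh handler yields different scope lists for the same client at the two endpoints. Document that on the setter, or read the setting from one shared place.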
svn commit: r1725300 - /cxf/web/pom.xml
Author: dkulp Date: Mon Jan 18 16:20:57 2016 New Revision: 1725300 URL: http://svn.apache.org/viewvc?rev=1725300&view=rev Log: Update to 3.1.4 of cxf Modified: cxf/web/pom.xml Modified: cxf/web/pom.xml URL: http://svn.apache.org/viewvc/cxf/web/pom.xml?rev=1725300&r1=1725299&r2=1725300&view=diff == --- cxf/web/pom.xml (original) +++ cxf/web/pom.xml Mon Jan 18 16:20:57 2016 @@ -28,11 +28,11 @@ org.apache.cxf cxf-parent -3.1.1 +3.1.4 -3.1.1 +3.1.4
buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4857 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
cxf git commit: Only create the TokenReplayCache if it is required
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 8bf60be53 -> f976a73c4 Only create the TokenReplayCache if it is required Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f976a73c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f976a73c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f976a73c Branch: refs/heads/3.0.x-fixes Commit: f976a73c4ac47f419462c8e091c8fd541593b912 Parents: 8bf60be Author: Colm O hEigeartaigh Authored: Mon Jan 18 15:28:40 2016 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 15:29:40 2016 + -- .../saml/sso/AbstractRequestAssertionConsumerHandler.java| 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/f976a73c/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java -- diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java index 119556d..16afc2a 100644 --- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java +++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java @@ -322,7 +322,9 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS ssoResponseValidator.setEnforceAssertionsSigned(enforceAssertionsSigned); ssoResponseValidator.setEnforceResponseSigned(enforceResponseSigned); ssoResponseValidator.setEnforceKnownIssuer(enforceKnownIssuer); -ssoResponseValidator.setReplayCache(getReplayCache()); +if (postBinding) { +ssoResponseValidator.setReplayCache(getReplayCache()); +} return ssoResponseValidator.validateSamlResponse(samlResponse, postBinding); } catch (WSSecurityException ex) {
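Review bot: With the new `if (postBinding)` guard, `ssoResponseValidator` is left without a replay cache on the non-POST path and is then handed to `validateSamlResponse(samlResponse, postBinding)`, so the validator has to tolerate an unset cache whenever `postBinding` is false. A short comment on the guard saying why replay detection is only needed for the POST binding, and that the validator does not consult the cache otherwise, would make that dependency explicit.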
cxf git commit: Only create the TokenReplayCache if it is required
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 99caed075 -> 2cc284874 Only create the TokenReplayCache if it is required Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2cc28487 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2cc28487 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2cc28487 Branch: refs/heads/3.1.x-fixes Commit: 2cc28487417260c4ae0846f4b86c93d07ee1ac41 Parents: 99caed0 Author: Colm O hEigeartaigh Authored: Mon Jan 18 15:28:40 2016 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 15:29:04 2016 + -- .../saml/sso/AbstractRequestAssertionConsumerHandler.java| 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/2cc28487/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java -- diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java index 2de61ae..3c110a1 100644 --- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java +++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java @@ -317,7 +317,9 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS ssoResponseValidator.setEnforceAssertionsSigned(enforceAssertionsSigned); ssoResponseValidator.setEnforceResponseSigned(enforceResponseSigned); ssoResponseValidator.setEnforceKnownIssuer(enforceKnownIssuer); -ssoResponseValidator.setReplayCache(getReplayCache()); +if (postBinding) { +ssoResponseValidator.setReplayCache(getReplayCache()); +} return ssoResponseValidator.validateSamlResponse(samlResponse, postBinding); } catch (WSSecurityException ex) {
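Review bot: The diffstat shows a single file changed and no test, so nothing exercises the path where `postBinding` is false and `setReplayCache` is never called. A test that validates a response with `postBinding` false and no replay cache set would pin down the behaviour this change relies on.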
cxf git commit: Only create the TokenReplayCache if it is required
Repository: cxf Updated Branches: refs/heads/master 6c7cbe317 -> 2d5bc09bd Only create the TokenReplayCache if it is required Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2d5bc09b Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2d5bc09b Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2d5bc09b Branch: refs/heads/master Commit: 2d5bc09bdff68241e6f597ea2a5de85f969b8619 Parents: 6c7cbe3 Author: Colm O hEigeartaigh Authored: Mon Jan 18 15:28:40 2016 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 15:28:40 2016 + -- .../saml/sso/AbstractRequestAssertionConsumerHandler.java| 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/2d5bc09b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java -- diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java index 2de61ae..3c110a1 100644 --- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java +++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java @@ -317,7 +317,9 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS ssoResponseValidator.setEnforceAssertionsSigned(enforceAssertionsSigned); ssoResponseValidator.setEnforceResponseSigned(enforceResponseSigned); ssoResponseValidator.setEnforceKnownIssuer(enforceKnownIssuer); -ssoResponseValidator.setReplayCache(getReplayCache()); +if (postBinding) { +ssoResponseValidator.setReplayCache(getReplayCache()); +} return ssoResponseValidator.validateSamlResponse(samlResponse, postBinding); } catch (WSSecurityException ex) {
buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4856 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
[1/2] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 8858a63be -> 8bf60be53 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8bf60be5 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8bf60be5 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8bf60be5 Branch: refs/heads/3.0.x-fixes Commit: 8bf60be532047d88cd930e9b4317ffab625a4171 Parents: 3863a2a Author: Colm O hEigeartaigh Authored: Mon Jan 18 14:45:09 2016 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 14:45:09 2016 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/8bf60be5/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index aa67a5b..790543e 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -503,6 +503,7 @@ B d5d87b8c7949bd0d8d8d5b5d5dc435e14aaf8fa4 B d5ea460f20d60c0496c70a2cf0b7f0484d48c806 B d649aed452bb668ec575bd140c7a085e12b4b255 B d68f140c76cf7e390dfce134ea5c5d97f129e65d +B d6ff1564248ae7926ab105f6f56018acdc6494b3 B d8a6bdbd2c84b3fa0187de935e294d5f66974e46 B d9f624e2eca8affa20243583ace087a8cbba3ac8 B da4ccb008fcad909025cab0a00c56c00728c195b
[2/2] cxf git commit: Enforce all Assertions must be signed in some way by default
Enforce all Assertions must be signed in some way by default Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3863a2a7 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3863a2a7 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3863a2a7 Branch: refs/heads/3.0.x-fixes Commit: 3863a2a71d6398491447c2f024f1595fbb921b34 Parents: 8858a63 Author: Colm O hEigeartaigh Authored: Mon Jan 18 14:43:41 2016 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 14:45:09 2016 + -- .../saml/sso/SAMLSSOResponseValidator.java | 8 ++-- .../saml/sso/CombinedValidatorTest.java | 1 + .../saml/sso/SAMLSSOResponseValidatorTest.java | 49 3 files changed, 54 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/3863a2a7/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java -- diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java index 8da52c8..70c659f 100644 --- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java +++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java @@ -50,7 +50,8 @@ public class SAMLSSOResponseValidator { private TokenReplayCache replayCache; /** - * Enforce that Assertions must be signed if the POST binding was used. The default is true. + * Enforce that Assertions contained in the Response must be signed (if the Response itself is not + * signed). The default is true. */ public void setEnforceAssertionsSigned(boolean enforceAssertionsSigned) { this.enforceAssertionsSigned = enforceAssertionsSigned; 
@@ -108,9 +109,8 @@ public class SAMLSSOResponseValidator { } validateIssuer(assertion.getIssuer()); -if (enforceAssertionsSigned && postBinding && assertion.getSignature() == null) { -LOG.fine("If the HTTP Post binding is used to deliver the Response, " - + "the enclosed assertions must be signed"); +if (!enforceResponseSigned && enforceAssertionsSigned && assertion.getSignature() == null) { +LOG.fine("The enclosed assertions in the SAML Response must be signed"); throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); } http://git-wip-us.apache.org/repos/asf/cxf/blob/3863a2a7/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java -- diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java index 3150a0e..261a630 100644 --- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java +++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java @@ -168,6 +168,7 @@ public class CombinedValidatorTest extends org.junit.Assert { // Test SSO validation SAMLSSOResponseValidator ssoValidator = new SAMLSSOResponseValidator(); +ssoValidator.setEnforceAssertionsSigned(false); ssoValidator.setIssuerIDP("http://cxf.apache.org/issuer";); ssoValidator.setAssertionConsumerURL("http://recipient.apache.org";); ssoValidator.setClientAddress("http://apache.org";); http://git-wip-us.apache.org/repos/asf/cxf/blob/3863a2a7/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java -- 
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java index 7855c29a..08814bb 100644 --- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java +++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java @@ -77,6 +77,7 @@ public class SAMLSSOResponseValidatorTest extends org.junit.Assert { // Validate the Response SAMLSSOResponseValidator validator = new SAMLSSOResponseVali
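Review bot: The rewritten check in the `@@ -108,9 +109,8 @@` hunk skips the assertion-signature requirement when the `enforceResponseSigned` flag is set, whereas the new Javadoc on `setEnforceAssertionsSigned` says the requirement applies "if the Response itself is not signed", which describes the message rather than the configuration. With `enforceResponseSigned` false, a Response that is in fact signed but wraps unsigned assertions is still rejected, and with it true the guarantee depends on the Response signature having been enforced before this point. Reword the Javadoc to name the flag, or test the Response's actual signature state in the condition.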
cxf git commit: Enforce all Assertions must be signed in some way by default
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes d6ff15642 -> 99caed075 Enforce all Assertions must be signed in some way by default Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/99caed07 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/99caed07 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/99caed07 Branch: refs/heads/3.1.x-fixes Commit: 99caed07534ab002672c54f2bff1a3fa31152c57 Parents: d6ff156 Author: Colm O hEigeartaigh Authored: Mon Jan 18 14:43:41 2016 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 14:44:38 2016 + -- .../saml/sso/SAMLSSOResponseValidator.java | 8 ++-- .../saml/sso/CombinedValidatorTest.java | 1 + .../saml/sso/SAMLSSOResponseValidatorTest.java | 49 3 files changed, 54 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/99caed07/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java -- diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java index 3ee7005..e072817 100644 --- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java +++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java @@ -50,7 +50,8 @@ public class SAMLSSOResponseValidator { private TokenReplayCache replayCache; /** - * Enforce that Assertions must be signed if the POST binding was used. The default is true. + * Enforce that Assertions contained in the Response must be signed (if the Response itself is not + * signed). The default is true. */ public void setEnforceAssertionsSigned(boolean enforceAssertionsSigned) { this.enforceAssertionsSigned = enforceAssertionsSigned; 
@@ -108,9 +109,8 @@ public class SAMLSSOResponseValidator { } validateIssuer(assertion.getIssuer()); -if (enforceAssertionsSigned && postBinding && assertion.getSignature() == null) { -LOG.fine("If the HTTP Post binding is used to deliver the Response, " - + "the enclosed assertions must be signed"); +if (!enforceResponseSigned && enforceAssertionsSigned && assertion.getSignature() == null) { +LOG.fine("The enclosed assertions in the SAML Response must be signed"); throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); } http://git-wip-us.apache.org/repos/asf/cxf/blob/99caed07/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java -- diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java index bba459e..cb684ed 100644 --- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java +++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java @@ -168,6 +168,7 @@ public class CombinedValidatorTest extends org.junit.Assert { // Test SSO validation SAMLSSOResponseValidator ssoValidator = new SAMLSSOResponseValidator(); +ssoValidator.setEnforceAssertionsSigned(false); ssoValidator.setIssuerIDP("http://cxf.apache.org/issuer";); ssoValidator.setAssertionConsumerURL("http://recipient.apache.org";); ssoValidator.setClientAddress("http://apache.org";); http://git-wip-us.apache.org/repos/asf/cxf/blob/99caed07/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java -- 
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java index 9d886c3..ed4e5e2 100644 --- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java +++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java @@ -77,6 +77,7 @@ public class SAMLSSOResponseValidatorTest extends org.junit.Assert { // Validate
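Review bot: CombinedValidatorTest now calls `ssoValidator.setEnforceAssertionsSigned(false)` to keep passing, which turns off the check this commit tightens instead of exercising it. Signing the test's assertion or Response would keep the test running under the default configuration; if the opt-out is deliberate, a comment next to the call should say why.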
cxf git commit: Enforce all Assertions must be signed in some way by default
Repository: cxf Updated Branches: refs/heads/master 6e7b79f6a -> 6c7cbe317 Enforce all Assertions must be signed in some way by default Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6c7cbe31 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6c7cbe31 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6c7cbe31 Branch: refs/heads/master Commit: 6c7cbe317d468efd81e538319152de9fba57e1e3 Parents: 6e7b79f Author: Colm O hEigeartaigh Authored: Mon Jan 18 14:43:41 2016 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 14:43:41 2016 + -- .../saml/sso/SAMLSSOResponseValidator.java | 8 ++-- .../saml/sso/CombinedValidatorTest.java | 1 + .../saml/sso/SAMLSSOResponseValidatorTest.java | 49 3 files changed, 54 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/6c7cbe31/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java -- diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java index 3ee7005..e072817 100644 --- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java +++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java @@ -50,7 +50,8 @@ public class SAMLSSOResponseValidator { private TokenReplayCache replayCache; /** - * Enforce that Assertions must be signed if the POST binding was used. The default is true. + * Enforce that Assertions contained in the Response must be signed (if the Response itself is not + * signed). The default is true. */ public void setEnforceAssertionsSigned(boolean enforceAssertionsSigned) { this.enforceAssertionsSigned = enforceAssertionsSigned; 
@@ -108,9 +109,8 @@ public class SAMLSSOResponseValidator { } validateIssuer(assertion.getIssuer()); -if (enforceAssertionsSigned && postBinding && assertion.getSignature() == null) { -LOG.fine("If the HTTP Post binding is used to deliver the Response, " - + "the enclosed assertions must be signed"); +if (!enforceResponseSigned && enforceAssertionsSigned && assertion.getSignature() == null) { +LOG.fine("The enclosed assertions in the SAML Response must be signed"); throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); } http://git-wip-us.apache.org/repos/asf/cxf/blob/6c7cbe31/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java -- diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java index bba459e..cb684ed 100644 --- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java +++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java @@ -168,6 +168,7 @@ public class CombinedValidatorTest extends org.junit.Assert { // Test SSO validation SAMLSSOResponseValidator ssoValidator = new SAMLSSOResponseValidator(); +ssoValidator.setEnforceAssertionsSigned(false); ssoValidator.setIssuerIDP("http://cxf.apache.org/issuer";); ssoValidator.setAssertionConsumerURL("http://recipient.apache.org";); ssoValidator.setClientAddress("http://apache.org";); http://git-wip-us.apache.org/repos/asf/cxf/blob/6c7cbe31/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java -- 
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java index 9d886c3..ed4e5e2 100644 --- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java +++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java @@ -77,6 +77,7 @@ public class SAMLSSOResponseValidatorTest extends org.junit.Assert { // Validate the Respo
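Review bot: In SAMLSSOResponseValidator.java the new condition "!enforceResponseSigned && enforceAssertionsSigned && assertion.getSignature() == null" tests the enforceResponseSigned setting, while the updated Javadoc says the check applies "if the Response itself is not signed". The two are not the same thing: with enforceResponseSigned set to false and a Response that does carry a signature, unsigned Assertions are still rejected, and with it set to true the Assertion check is skipped on the strength of the flag alone. Either test the actual signature state of the Response here or reword the Javadoc to name the enforceResponseSigned setting. The postBinding variable also drops out of this condition, so check whether it is still needed in the method. In CombinedValidatorTest.java the added setEnforceAssertionsSigned(false) has no comment saying why that test opts out of the new default.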
[5/6] cxf-fediz git commit: Updating Passive Requestor endpoint log to warning
Updating Passive Requestor endpoint log to warning Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/5b6540d4 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/5b6540d4 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/5b6540d4 Branch: refs/heads/1.2.x-fixes Commit: 5b6540d4f2ef06972e349ce8d3f30d19c8f162e7 Parents: 8758c49 Author: Colm O hEigeartaigh Authored: Mon Jan 18 13:40:59 2016 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 13:47:12 2016 + -- .../org/apache/cxf/fediz/service/idp/beans/STSClientAction.java| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5b6540d4/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java -- diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java index 1e316b1..3f9f6c6 100644 --- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java +++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java @@ -307,7 +307,7 @@ public class STSClientAction { private void validateApplicationEndpoint(Application serviceConfig, RequestContext context) throws ProcessingException { if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == null) { -LOG.info("No passive requestor endpoint constraint is configured for the application. " +LOG.warn("No passive requestor endpoint constraint is configured for the application. " + "This could lead to a malicious redirection attack"); return; }
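Review bot: The warning in validateApplicationEndpoint says "for the application" without saying which one, so an operator reading the log cannot tell which application entry is missing its passive requestor endpoint constraint. Include an identifier of serviceConfig in the message. The method still returns straight after the warning, so the wreply value stays unchecked for such applications; the raised log level does not change that behaviour.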
[4/6] cxf-fediz git commit: Adding some tests
Adding some tests Conflicts: systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqTest.java Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/8758c493 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/8758c493 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/8758c493 Branch: refs/heads/1.2.x-fixes Commit: 8758c4930a505b5c0f39d76e8b4977914eed077f Parents: ced3e76 Author: Colm O hEigeartaigh Authored: Mon Dec 14 16:36:49 2015 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 13:47:04 2016 + -- .../integrationtests/AbstractAttackTests.java | 229 +++ .../fediz/integrationtests/AbstractTests.java | 130 +-- 2 files changed, 241 insertions(+), 118 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/8758c493/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java -- diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java new file mode 100644 index 000..69e3f50 --- /dev/null +++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java 
@@ -0,0 +1,229 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.fediz.integrationtests; + +import java.net.URLEncoder; + +import org.apache.http.auth.AuthScope; +import org.apache.http.auth.UsernamePasswordCredentials; +import org.apache.wss4j.dom.WSSConfig; +import org.junit.Assert; +import org.junit.Test; + +import com.gargoylesoftware.htmlunit.CookieManager; +import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException; +import com.gargoylesoftware.htmlunit.WebClient; +import com.gargoylesoftware.htmlunit.html.DomElement; +import com.gargoylesoftware.htmlunit.html.DomNodeList; +import com.gargoylesoftware.htmlunit.html.HtmlForm; +import com.gargoylesoftware.htmlunit.html.HtmlPage; +import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput; + +/** + * Some negative/attack tests for the IdP/RP + */ +public abstract class AbstractAttackTests { + +static final String TEST_WREQ = +"http://docs.oasis-open.org/ws-sx/ws-trust/200512\";>" ++ "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV3.0" ++ ""; + +static { +WSSConfig.init(); +} + +public AbstractAttackTests() { +super(); +} + +public abstract String getServletContextName(); + +public abstract String 
getIdpHttpsPort(); + +public abstract String getRpHttpsPort(); + +@Test +public void testAliceModifiedSignature() throws Exception { +String url = "https://localhost:"; + getRpHttpsPort() + "/" + getServletContextName() ++ "/secure/fedservlet"; +String user = "alice"; +String password = "ecila"; + +// Get the initial token +CookieManager cookieManager = new CookieManager(); +final WebClient webClient = new WebClient(); +webClient.setCookieManager(cookieManager); +webClient.getOptions().setUseInsecureSSL(true); +webClient.getCredentialsProvider().setCredentials( +new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())), +new UsernamePasswordCredentials(user, password)); + +webClient.getOptions().setJavaScriptEnabled(false); +final HtmlPage idpPage = webClient.getPage(url); +webClient.getOptions().setJavaScriptEnabled(true); +Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); + +// Parse the form to get the token (wresult) +DomNodeList results = idpPage.getElementsByTagName("input"); + +for (DomElement result : results) { +
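Review bot: In testAliceModifiedSignature the sequence setJavaScriptEnabled(false), getPage(url), setJavaScriptEnabled(true) has no comment explaining the toggle. Presumably JavaScript is switched off so that the sign-in response form is not auto-submitted and the test can read the wresult field first; say so in a comment, and state in the method's Javadoc what outcome the test expects for a token whose Signature was modified. The class comment "Some negative/attack tests for the IdP/RP" could list the cases covered. Style: the explicit no-argument constructor that only calls super() can be removed.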
[6/6] cxf-fediz git commit: Fixing merge
Fixing merge Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/85258b07 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/85258b07 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/85258b07 Branch: refs/heads/1.2.x-fixes Commit: 85258b076209ff8df3d9bf72f67ec2977c7ca423 Parents: 5b6540d Author: Colm O hEigeartaigh Authored: Mon Jan 18 14:18:01 2016 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 14:18:01 2016 + -- .../integrationtests/AbstractAttackTests.java | 229 --- .../fediz/integrationtests/AbstractTests.java | 124 +- 2 files changed, 113 insertions(+), 240 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/85258b07/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java -- diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java deleted file mode 100644 index 69e3f50..000 --- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java +++ /dev/null 
@@ -1,229 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.fediz.integrationtests; - -import java.net.URLEncoder; - -import org.apache.http.auth.AuthScope; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.wss4j.dom.WSSConfig; -import org.junit.Assert; -import org.junit.Test; - -import com.gargoylesoftware.htmlunit.CookieManager; -import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException; -import com.gargoylesoftware.htmlunit.WebClient; -import com.gargoylesoftware.htmlunit.html.DomElement; -import com.gargoylesoftware.htmlunit.html.DomNodeList; -import com.gargoylesoftware.htmlunit.html.HtmlForm; -import com.gargoylesoftware.htmlunit.html.HtmlPage; -import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput; - -/** - * Some negative/attack tests for the IdP/RP - */ -public abstract class AbstractAttackTests { - -static final String TEST_WREQ = -"http://docs.oasis-open.org/ws-sx/ws-trust/200512\";>" -+ "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV3.0" -+ ""; - -static { -WSSConfig.init(); -} - -public AbstractAttackTests() { -super(); -} - -public abstract String getServletContextName(); - -public abstract String 
getIdpHttpsPort(); - -public abstract String getRpHttpsPort(); - -@Test -public void testAliceModifiedSignature() throws Exception { -String url = "https://localhost:"; + getRpHttpsPort() + "/" + getServletContextName() -+ "/secure/fedservlet"; -String user = "alice"; -String password = "ecila"; - -// Get the initial token -CookieManager cookieManager = new CookieManager(); -final WebClient webClient = new WebClient(); -webClient.setCookieManager(cookieManager); -webClient.getOptions().setUseInsecureSSL(true); -webClient.getCredentialsProvider().setCredentials( -new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())), -new UsernamePasswordCredentials(user, password)); - -webClient.getOptions().setJavaScriptEnabled(false); -final HtmlPage idpPage = webClient.getPage(url); -webClient.getOptions().setJavaScriptEnabled(true); -Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); - -// Parse the form to get the token (wresult) -DomNodeList results = idpPage.getElementsByTagName("input"); - -for (DomElement result : results) { -if ("wresult".equals(result.getAttributeNS(null, "name"))) { -// Now modify the Signature -String value = result.getAttributeNS(null, "value"); -
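Review bot: This deletes AbstractAttackTests.java in full (229 lines, including testAliceModifiedSignature) two commits after it was added, and the message "Fixing merge" does not say where those negative tests went. The diffstat shows AbstractTests.java gaining 113 lines in the same commit; if the tests were moved back there, say so in the commit message so that a reader of the history can confirm no attack test was dropped on the 1.2.x-fixes branch.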
[1/6] cxf-fediz git commit: Adding malicious redirection test
Repository: cxf-fediz Updated Branches: refs/heads/1.2.x-fixes 46b05ed9a -> 85258b076 Adding malicious redirection test Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/8c99b2f6 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/8c99b2f6 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/8c99b2f6 Branch: refs/heads/1.2.x-fixes Commit: 8c99b2f672c6525fccde600f8cd502956194b7d1 Parents: 46b05ed Author: Colm O hEigeartaigh Authored: Mon Nov 16 16:53:49 2015 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 13:42:05 2016 + -- .../fediz/integrationtests/AbstractTests.java | 82 1 file changed, 82 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/8c99b2f6/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java -- diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java index c636aeb..88ab429 100644 --- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java +++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java 
@@ -25,14 +25,21 @@ import org.w3c.dom.Node; import com.gargoylesoftware.htmlunit.CookieManager; import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException; +import com.gargoylesoftware.htmlunit.HttpMethod; import com.gargoylesoftware.htmlunit.WebClient; +import com.gargoylesoftware.htmlunit.WebRequest; import com.gargoylesoftware.htmlunit.html.DomElement; import com.gargoylesoftware.htmlunit.html.DomNodeList; import com.gargoylesoftware.htmlunit.html.HtmlForm; import com.gargoylesoftware.htmlunit.html.HtmlPage; import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput; +import com.gargoylesoftware.htmlunit.util.NameValuePair; import com.gargoylesoftware.htmlunit.xml.XmlPage; +import java.net.URL; +import java.net.URLEncoder; +import java.util.ArrayList; + import org.apache.cxf.fediz.core.ClaimTypes; import org.apache.cxf.fediz.core.FederationConstants; import org.apache.cxf.fediz.core.util.DOMUtils; 
@@ -577,4 +584,79 @@ public abstract class AbstractTests { Assert.assertTrue("Unexpected content of RP page", bodyTextContent2.contains("Secure Test")); } +@org.junit.Test +public void testMaliciousRedirect() throws Exception { +String url = "https://localhost:"; + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; +String user = "alice"; +String password = "ecila"; + +CookieManager cookieManager = new CookieManager(); + +// 1. Login +HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), cookieManager); + +// 2. Now we should have a cookie from the RP and IdP and should be able to do +// subsequent requests without authenticate again. Lets test this first. +WebClient webClient = new WebClient(); +webClient.setCookieManager(cookieManager); +webClient.getOptions().setUseInsecureSSL(true); +HtmlPage rpPage = webClient.getPage(url); +Assert.assertTrue("WS Federation Systests Examples".equals(rpPage.getTitleText()) + || "WS Federation Systests Spring Examples".equals(rpPage.getTitleText())); + +// 3. 
Now a malicious user sends the client a URL with a bad "wreply" address to the IdP +String maliciousURL = "https://www.apache.org/attack";; +String idpUrl + = "https://localhost:"; + getIdpHttpsPort() + "/fediz-idp/federation"; +idpUrl += "?wa=wsignin1.0&wreply=" + URLEncoder.encode(maliciousURL, "UTF-8"); +idpUrl += "&wtrealm=urn%3Aorg%3Aapache%3Acxf%3Afediz%3Afedizhelloworld"; +idpUrl += "&whr=urn%3Aorg%3Aapache%3Acxf%3Afediz%3Aidp%3Arealm-A"; + +final WebClient webClient2 = new WebClient(); +webClient2.setCookieManager(cookieManager); +webClient2.getOptions().setUseInsecureSSL(true); +webClient2.getCredentialsProvider().setCredentials( +new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())), +new UsernamePasswordCredentials(user, password)); + +webClient2.getOptions().setJavaScriptEnabled(false); +final HtmlPage idpPage = webClient2.getPage(idpUrl); +webClient2.getOptions().setJavaScriptEnabled(true); +Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); + +// Check that the form is to be posted to the malicious URL +DomNodeList formResults = idpPage.getElementsByT
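Review bot: Step 3 of testMaliciousRedirect asserts the vulnerable outcome: after calling the IdP with the bad wreply it expects the page title "IDP SignIn Response Form" and then checks "that the form is to be posted to the malicious URL", so the test passes only while the IdP accepts an arbitrary wreply address. As committed it documents the flaw rather than guarding against it. Assert rejection instead (FailingHttpStatusCodeException is already imported in this file), or mark the test clearly as a reproduction that must be inverted when the IdP starts validating wreply.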
[2/6] cxf-fediz git commit: Fixing redirection attack issue
Fixing redirection attack issue Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/fd8dcda5 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/fd8dcda5 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/fd8dcda5 Branch: refs/heads/1.2.x-fixes Commit: fd8dcda574889e1d1e7021072f47c71f2e38e4db Parents: 8c99b2f Author: Colm O hEigeartaigh Authored: Fri Nov 27 17:10:51 2015 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 13:43:40 2016 + -- .../service/idp/beans/STSClientAction.java | 25 +++ .../fediz/service/idp/domain/Application.java | 23 +- .../idp/service/jpa/ApplicationDAOJPAImpl.java | 2 + .../idp/service/jpa/ApplicationEntity.java | 11 + .../idp/src/main/resources/entities-realma.xml | 2 + .../src/test/resources/entities-realma.xml | 2 + .../test/resources/realma/entities-realma.xml | 2 + .../fediz/integrationtests/AbstractTests.java | 44 +++- .../test/resources/realma/entities-realma.xml | 2 + 9 files changed, 74 insertions(+), 39 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd8dcda5/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java -- diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java index 948c557..1e316b1 100644 --- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java +++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java @@ -25,6 +25,7 @@ import java.net.MalformedURLException; import java.net.URL; import java.security.cert.X509Certificate; import java.util.List; +import java.util.regex.Matcher; import javax.servlet.http.HttpServletRequest; import javax.xml.namespace.QName; 
@@ -199,6 +200,9 @@ public class STSClientAction { throw new ProcessingException(TYPE.BAD_REQUEST); } +// Check wreply parameter against passive requestor endpoint constraint +validateApplicationEndpoint(serviceConfig, context); + // Parse wreq parameter - we only support parsing TokenType and KeyType for now String wreq = (String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_REQUEST); String stsTokenType = null; @@ -299,6 +303,27 @@ public class STSClientAction { return StringEscapeUtils.escapeXml11(rpToken); } +// The wreply address must match the passive endpoint requestor constraint (if it is specified) +private void validateApplicationEndpoint(Application serviceConfig, RequestContext context) +throws ProcessingException { +if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == null) { +LOG.info("No passive requestor endpoint constraint is configured for the application. " + + "This could lead to a malicious redirection attack"); +return; +} + +String wreply = +(String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_REPLY); +if (wreply != null) { +Matcher matcher = serviceConfig.getCompiledPassiveRequestorEndpointConstraint().matcher(wreply); +if (!matcher.matches()) { +LOG.error("The wreply value of {} does not match any of the passive requestor values", + wreply); +throw new ProcessingException(TYPE.BAD_REQUEST); +} +} +} + private String getIdFromToken(String token) throws XMLStreamException { InputStream is = new ByteArrayInputStream(token.getBytes()); Document doc = StaxUtils.read(is); http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd8dcda5/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java -- diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java index 5f14f5b..43c7e8a 100644 
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java +++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java @@ -22,6 +22,7 @@ import java.io.Serializable; import java.net.URI; import java.util.ArrayList; import java.util.List; +import java.util.regex.Pattern; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElementRef; @@ -32,7
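Review bot: validateApplicationEndpoint in STSClientAction.java fails open: when getCompiledPassiveRequestorEndpointConstraint() returns null it logs at info level that this "could lead to a malicious redirection attack" and returns, so every application without a configured constraint keeps accepting any wreply value. Reject the request in that case, or at least log at warn and document that the constraint has to be set for each application. Separately, the LOG.error call writes the request-supplied wreply into the log unchanged; encode or truncate it before logging so that a crafted value cannot forge log entries. The use of matcher.matches() rather than find() is the right choice here, since it requires the whole address to match the constraint.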
[3/6] cxf-fediz git commit: Fixing spring tests
Fixing spring tests Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/ced3e763 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/ced3e763 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/ced3e763 Branch: refs/heads/1.2.x-fixes Commit: ced3e76363b87da4ad59463f26c8fe12d341e1dd Parents: fd8dcda Author: Colm O hEigeartaigh Authored: Sat Nov 28 18:04:40 2015 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 13:44:00 2016 + -- services/idp/src/main/resources/entities-realma.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ced3e763/services/idp/src/main/resources/entities-realma.xml -- diff --git a/services/idp/src/main/resources/entities-realma.xml b/services/idp/src/main/resources/entities-realma.xml index b76bf66..995b92d 100644 --- a/services/idp/src/main/resources/entities-realma.xml +++ b/services/idp/src/main/resources/entities-realma.xml @@ -105,7 +105,7 @@ http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"; /> https://localhost:(\d)*/(\w)*helloworld(\w)*/secure/.*" /> + value="https://localhost:(\d)*/(\w)*helloworld(\w)*/.*" />
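Review bot: The replacement value "https://localhost:(\d)*/(\w)*helloworld(\w)*/.*" drops the "/secure/" segment, which widens the set of accepted addresses to any path under a matching context, and the file changed is services/idp/src/main/resources/entities-realma.xml rather than a test resource. If the looser pattern is only needed for the Spring tests, keep the narrower value in src/main and relax it in the test copy of entities-realma.xml. Also note that "(\d)*" accepts an empty port; "(\d)+" would be stricter if a port is always expected.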
cxf-fediz git commit: Updating Passive Requestor endpoint log to warning
Repository: cxf-fediz Updated Branches: refs/heads/master 0d30b0129 -> 33c86fc33 Updating Passive Requestor endpoint log to warning Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/33c86fc3 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/33c86fc3 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/33c86fc3 Branch: refs/heads/master Commit: 33c86fc336ec6f81062f6541d631277272b6b148 Parents: 0d30b01 Author: Colm O hEigeartaigh Authored: Mon Jan 18 13:40:59 2016 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 13:40:59 2016 + -- .../org/apache/cxf/fediz/service/idp/beans/STSClientAction.java| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/33c86fc3/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java -- diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java index 295dceb..efe7fd6 100644 --- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java +++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java @@ -310,7 +310,7 @@ public class STSClientAction { private void validateApplicationEndpoint(Application serviceConfig, RequestContext context) throws ProcessingException { if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == null) { -LOG.info("No passive requestor endpoint constraint is configured for the application. " +LOG.warn("No passive requestor endpoint constraint is configured for the application. " + "This could lead to a malicious redirection attack"); return; }
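Review bot: The LOG.warn added in validateApplicationEndpoint sits on the request path, so an application with no passive requestor endpoint constraint will emit this warning on every sign-in request that reaches the method. Consider reporting the missing constraint once, when the application configuration is loaded, and keeping the per-request path for the actual decision. The return that follows the warning still leaves wreply unvalidated for such applications.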
buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4854 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes cf3584f33 -> d6ff15642 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d6ff1564 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d6ff1564 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d6ff1564 Branch: refs/heads/3.1.x-fixes Commit: d6ff1564248ae7926ab105f6f56018acdc6494b3 Parents: cf3584f Author: Colm O hEigeartaigh Authored: Mon Jan 18 11:55:29 2016 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 11:55:29 2016 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/d6ff1564/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 76b9be1..8530deb 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -5,6 +5,7 @@ B 0dfaf8d72574511ad9027c663707f9e30b945fbc B 39851b83af116611ce0efe70c4b9a32ee8491523 B 59b8615053ddcad353fbebcd9a5b1109ae0897a1 B 65e1e07fdb810ec9de135530ca3e3d23821836a3 +B 6e7b79f6a8b6523b2248937275d92918e5682aa2 B 7b7629682d15345518e66d46e575bf1ac334cf00 B 7fc957efa3a193a5f2ae178b8a608717ce4c5b26 B 85c397f853c6b7ca0ed6d924445d6173962e1ec4
cxf git commit: Fixing distribution
Repository: cxf Updated Branches: refs/heads/master 79d6097a0 -> 6e7b79f6a Fixing distribution Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6e7b79f6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6e7b79f6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6e7b79f6 Branch: refs/heads/master Commit: 6e7b79f6a8b6523b2248937275d92918e5682aa2 Parents: 79d6097 Author: Colm O hEigeartaigh Authored: Mon Jan 18 11:55:02 2016 + Committer: Colm O hEigeartaigh Committed: Mon Jan 18 11:55:02 2016 + -- .../sign_enc/src/main/java/demo/wssec/client/StaxClient.java | 2 +- .../sign_enc/src/main/java/demo/wssec/server/StaxServer.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/6e7b79f6/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/StaxClient.java -- diff --git a/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/StaxClient.java b/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/StaxClient.java index 9a96359..d64aa0d 100644 --- a/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/StaxClient.java +++ b/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/StaxClient.java @@ -92,7 +92,7 @@ public final class StaxClient { properties.setSignatureCryptoProperties(sigCryptoProperties); properties.setSignatureKeyIdentifier( - WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference + WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE ); properties.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1";); properties.addSignaturePart( http://git-wip-us.apache.org/repos/asf/cxf/blob/6e7b79f6/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/StaxServer.java -- 
diff --git a/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/StaxServer.java b/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/StaxServer.java index 7559434..0d10e4a 100644 --- a/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/StaxServer.java +++ b/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/StaxServer.java @@ -88,7 +88,7 @@ public class StaxServer { properties.setSignatureCryptoProperties(decCryptoProperties); properties.setSignatureKeyIdentifier( -WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference + WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE ); properties.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1";); properties.addSignaturePart(
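Review bot: Both hunks only switch to the renamed constant KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE, but the unchanged context line directly below in StaxClient.java and StaxServer.java sets the signature algorithm to "http://www.w3.org/2000/09/xmldsig#rsa-sha1". Since these are shipped samples that users copy, consider moving them to an RSA-SHA256 signature algorithm in a follow-up. The commit message "Fixing distribution" could also name the constant rename so that the reason for the change is clear from the log.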
buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4852 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot