buildbot success in ASF Buildbot on cxf-site-production

2016-01-18 Thread buildbot
The Buildbot has detected a restored build on builder cxf-site-production while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/cxf-site-production/builds/4873

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

Build succeeded!

Sincerely,
 -The Buildbot





buildbot failure in ASF Buildbot on cxf-site-production

2016-01-18 Thread buildbot
The Buildbot has detected a new failure on builder cxf-site-production while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/cxf-site-production/builds/4867

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

BUILD FAILED: failed compile

Sincerely,
 -The Buildbot





buildbot success in ASF Buildbot on cxf-site-production

2016-01-18 Thread buildbot
The Buildbot has detected a restored build on builder cxf-site-production while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/cxf-site-production/builds/4866

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

Build succeeded!

Sincerely,
 -The Buildbot





buildbot failure in ASF Buildbot on cxf-site-production

2016-01-18 Thread buildbot
The Buildbot has detected a new failure on builder cxf-site-production while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/cxf-site-production/builds/4864

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

BUILD FAILED: failed compile

Sincerely,
 -The Buildbot





buildbot success in ASF Buildbot on cxf-site-production

2016-01-18 Thread buildbot
The Buildbot has detected a restored build on builder cxf-site-production while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/cxf-site-production/builds/4863

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

Build succeeded!

Sincerely,
 -The Buildbot





cxf git commit: Remove an un-used variable

2016-01-18 Thread dkulp
Repository: cxf
Updated Branches:
  refs/heads/master 1247e04ec -> 7dcfe81d4


Remove an un-used variable


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7dcfe81d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7dcfe81d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7dcfe81d

Branch: refs/heads/master
Commit: 7dcfe81d4b4cdbe65eb84cf00b857fd6f7315faf
Parents: 1247e04
Author: Daniel Kulp 
Authored: Mon Jan 18 15:50:55 2016 -0500
Committer: Daniel Kulp 
Committed: Mon Jan 18 15:50:55 2016 -0500

--
 .../org/apache/cxf/transport/http/AbstractHTTPDestination.java | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/7dcfe81d/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
--
diff --git 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
index d79e75b..11c48d2 100644
--- 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
+++ 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
@@ -726,7 +726,7 @@ public abstract class AbstractHTTPDestination
 OutputStream os = message.getContent(OutputStream.class);
 if (os == null) {
 message.setContent(OutputStream.class, 
-   new WrappedOutputStream(message, response));
+   new WrappedOutputStream(message));
 }
 }
 
@@ -758,13 +758,11 @@ public abstract class AbstractHTTPDestination
  */
 private class WrappedOutputStream extends AbstractWrappedOutputStream 
implements CopyingOutputStream {
 
-protected HttpServletResponse response;
 private Message outMessage;
 
-WrappedOutputStream(Message m, HttpServletResponse resp) {
+WrappedOutputStream(Message m) {
 super();
 this.outMessage = m;
-response = resp;
 }
 
 



cxf git commit: [CXF-6749] When using a servlet, attempt to remove the temp dir hook when the servlet is destroyed to prevent a classloader leak. This is an attempt only and not guaranteed to work.

2016-01-18 Thread dkulp
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes f976a73c4 -> e90072c74


[CXF-6749] When using a servlet, attempt to remove the temp dir hook when the 
servlet is destroyed to prevent a classloader leak.   This is an attempt only 
and not guaranteed to work.


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e90072c7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e90072c7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e90072c7

Branch: refs/heads/3.0.x-fixes
Commit: e90072c7491745f8b76f6e759f660aeb3930a1e9
Parents: f976a73
Author: Daniel Kulp 
Authored: Mon Jan 18 14:05:58 2016 -0500
Committer: Daniel Kulp 
Committed: Mon Jan 18 14:22:04 2016 -0500

--
 .../java/org/apache/cxf/helpers/FileUtils.java  | 63 
 .../transport/servlet/AbstractHTTPServlet.java  |  5 ++
 .../transport/servlet/CXFNonSpringServlet.java  |  1 +
 3 files changed, 59 insertions(+), 10 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/e90072c7/core/src/main/java/org/apache/cxf/helpers/FileUtils.java
--
diff --git a/core/src/main/java/org/apache/cxf/helpers/FileUtils.java 
b/core/src/main/java/org/apache/cxf/helpers/FileUtils.java
index 82444d1..a8d3fa5 100644
--- a/core/src/main/java/org/apache/cxf/helpers/FileUtils.java
+++ b/core/src/main/java/org/apache/cxf/helpers/FileUtils.java
@@ -38,6 +38,7 @@ import org.apache.cxf.common.util.SystemPropertyAction;
 public final class FileUtils {
 private static final int RETRY_SLEEP_MILLIS = 10;
 private static File defaultTempDir;
+private static Thread shutdownHook;
 private static final char[] ILLEGAL_CHARACTERS 
 = {'/', '\n', '\r', '\t', '\0', '\f', '`', '?', '*', '\\', '<', '>', 
'|', '\"', ':'};
 
@@ -84,13 +85,51 @@ public final class FileUtils {
 }
 }
 if (defaultTempDir == null) {
-defaultTempDir = createTmpDir(); 
+defaultTempDir = createTmpDir(false);
+if (shutdownHook != null) {
+Runtime.getRuntime().removeShutdownHook(shutdownHook); 
+}
+shutdownHook = new Thread() {
+@Override
+public void run() {
+removeDir(defaultTempDir, true);
+}
+};
+Runtime.getRuntime().addShutdownHook(shutdownHook); 
+
 }
 return defaultTempDir;
 }
 
+public static synchronized void maybeDeleteDefaultTempDir() {
+if (defaultTempDir != null) {
+Runtime.getRuntime().gc(); // attempt a garbage collect to close 
any files
+String files[] = defaultTempDir.list();
+if (files != null && files.length > 0) {
+//there are files in there, we need to attempt some more 
cleanup
+
+//HOWEVER, we don't want to just wipe out every file as 
something may be holding onto
+//the files for a reason. We'll re-run the gc and run the 
finalizers to see if 
+//anything gets cleaned up.
+Runtime.getRuntime().gc(); // attempt a garbage collect to 
close any files
+Runtime.getRuntime().runFinalization(); 
+Runtime.getRuntime().gc();
+files = defaultTempDir.list();
+}
+if (files == null || files.length == 0) {
+//all the files are gone, we can remove the shutdownhook and 
reset
+Runtime.getRuntime().removeShutdownHook(shutdownHook);
+shutdownHook.run();
+shutdownHook = null;
+defaultTempDir = null;
+}
+}
+}
+
 public static File createTmpDir() {
-int x = (int)(Math.random() * 100);
+return createTmpDir(true);
+}
+public static File createTmpDir(boolean addHook) {
 String s = SystemPropertyAction.getProperty("java.io.tmpdir");
 File checkExists = new File(s);
 if (!checkExists.exists() || !checkExists.isDirectory()) {
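Review bot: In maybeDeleteDefaultTempDir(), `Runtime.getRuntime().removeShutdownHook(shutdownHook)` and `shutdownHook.run()` are reached whenever defaultTempDir is non-null and empty, but shutdownHook is only assigned inside the `if (defaultTempDir == null)` branch earlier in this hunk. If defaultTempDir can be set by the code above that branch (only its closing braces are visible here), shutdownHook is still null and removeShutdownHook throws NullPointerException while the servlet is being destroyed. Guard both calls with `if (shutdownHook != null)`, and consider catching IllegalStateException, which removeShutdownHook throws when the JVM is already shutting down.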
@@ -110,6 +149,8 @@ public final class FileUtils {
+ "little usable 
temporary space.  Operations"
+ " requiring 
temporary files may fail.");
 }
+
+int x = (int)(Math.random() * 100);
 File f = new File(checkExists, "cxf-tmp-" + x);
 int count = 0;
 while (!f.mkdir()) {
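Review bot: The relocated `int x = (int)(Math.random() * 100);` still names the directory `cxf-tmp-` plus, on the first attempt, a number below 100 under java.io.tmpdir, and `f.mkdir()` creates it with whatever permissions the process umask allows. mkdir() failing on an existing name prevents reuse of a directory someone else created first, but on a shared temp directory other local users may still be able to read what is written there. If this branch's Java baseline permits, `java.nio.file.Files.createTempDirectory` gives an unpredictable name and restrictive default permissions; otherwise tighten the permissions explicitly right after mkdir() succeeds.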
@@ -124,14 +165,16 @@ public final class FileUtils {
 count++;
 }
 File newTmpDir  = f;
-final File f2 = f;
-Thread hook = new Thread() {
-@Override
-public void run() {
-  

cxf git commit: [CXF-6749] When using a servlet, attempt to remove the temp dir hook when the servlet is destroyed to prevent a classloader leak. This is an attempt only and not guaranteed to work. A

2016-01-18 Thread dkulp
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes fada1bbc7 -> c090a8163


[CXF-6749] When using a servlet, attempt to remove the temp dir hook when the 
servlet is destroyed to prevent a classloader leak.   This is an attempt only 
and not guaranteed to work.
Also use java7 nio2 methods for temp files


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c090a816
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c090a816
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c090a816

Branch: refs/heads/3.1.x-fixes
Commit: c090a8163c047bf3c89757afdf9bcbb7107b0818
Parents: fada1bb
Author: Daniel Kulp 
Authored: Mon Jan 18 14:05:58 2016 -0500
Committer: Daniel Kulp 
Committed: Mon Jan 18 14:17:27 2016 -0500

--
 .../java/org/apache/cxf/helpers/FileUtils.java  | 99 +++-
 .../transport/servlet/AbstractHTTPServlet.java  |  5 +
 .../transport/servlet/CXFNonSpringServlet.java  |  1 +
 3 files changed, 82 insertions(+), 23 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/c090a816/core/src/main/java/org/apache/cxf/helpers/FileUtils.java
--
diff --git a/core/src/main/java/org/apache/cxf/helpers/FileUtils.java 
b/core/src/main/java/org/apache/cxf/helpers/FileUtils.java
index 773b821..59632e5 100644
--- a/core/src/main/java/org/apache/cxf/helpers/FileUtils.java
+++ b/core/src/main/java/org/apache/cxf/helpers/FileUtils.java
@@ -26,6 +26,8 @@ import java.io.FileReader;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.nio.file.Files;
+import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Locale;
@@ -38,6 +40,7 @@ import org.apache.cxf.common.util.SystemPropertyAction;
 public final class FileUtils {
 private static final int RETRY_SLEEP_MILLIS = 10;
 private static File defaultTempDir;
+private static Thread shutdownHook;
 private static final char[] ILLEGAL_CHARACTERS 
 = {'/', '\n', '\r', '\t', '\0', '\f', '`', '?', '*', '\\', '<', '>', 
'|', '\"', ':'};
 
@@ -84,13 +87,51 @@ public final class FileUtils {
 }
 }
 if (defaultTempDir == null) {
-defaultTempDir = createTmpDir(); 
+defaultTempDir = createTmpDir(false);
+if (shutdownHook != null) {
+Runtime.getRuntime().removeShutdownHook(shutdownHook); 
+}
+shutdownHook = new Thread() {
+@Override
+public void run() {
+removeDir(defaultTempDir, true);
+}
+};
+Runtime.getRuntime().addShutdownHook(shutdownHook); 
+
 }
 return defaultTempDir;
 }
 
+public static synchronized void maybeDeleteDefaultTempDir() {
+if (defaultTempDir != null) {
+Runtime.getRuntime().gc(); // attempt a garbage collect to close 
any files
+String files[] = defaultTempDir.list();
+if (files != null && files.length > 0) {
+//there are files in there, we need to attempt some more 
cleanup
+
+//HOWEVER, we don't want to just wipe out every file as 
something may be holding onto
+//the files for a reason. We'll re-run the gc and run the 
finalizers to see if 
+//anything gets cleaned up.
+Runtime.getRuntime().gc(); // attempt a garbage collect to 
close any files
+Runtime.getRuntime().runFinalization(); 
+Runtime.getRuntime().gc();
+files = defaultTempDir.list();
+}
+if (files == null || files.length == 0) {
+//all the files are gone, we can remove the shutdownhook and 
reset
+Runtime.getRuntime().removeShutdownHook(shutdownHook);
+shutdownHook.run();
+shutdownHook = null;
+defaultTempDir = null;
+}
+}
+}
+
 public static File createTmpDir() {
-int x = (int)(Math.random() * 100);
+return createTmpDir(true);
+}
+public static File createTmpDir(boolean addHook) {
 String s = SystemPropertyAction.getProperty("java.io.tmpdir");
 File checkExists = new File(s);
 if (!checkExists.exists() || !checkExists.isDirectory()) {
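Review bot: `public static File createTmpDir(boolean addHook)` is added as public API with no Javadoc. The caller earlier in this hunk passes false and then registers its own shutdownHook, which suggests that with addHook false the caller owns cleanup of the returned directory; please state that contract in Javadoc, or make the overload non-public if it is only meant for internal use. A blank line between the closing brace of createTmpDir() and the new overload would also match the rest of the file.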
@@ -110,28 +151,40 @@ public final class FileUtils {
+ "little usable 
temporary space.  Operations"
+ " requiring 
temporary files may fail.");
 }
-File f = new File(checkExists, "cxf-tmp-" + x);
-int count = 0;
-   

cxf git commit: [CXF-6749] When using a servlet, attempt to remove the temp dir hook when the servlet is destroyed to prevent a classloader leak. This is an attempt only and not guaranteed to work. A

2016-01-18 Thread dkulp
Repository: cxf
Updated Branches:
  refs/heads/master 6cc93fb07 -> 1247e04ec


[CXF-6749] When using a servlet, attempt to remove the temp dir hook when the 
servlet is destroyed to prevent a classloader leak.   This is an attempt only 
and not guaranteed to work.
Also use java7 nio2 methods for temp files


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1247e04e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1247e04e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1247e04e

Branch: refs/heads/master
Commit: 1247e04ec9c7472b136b4c5b58ea99324585984e
Parents: 6cc93fb
Author: Daniel Kulp 
Authored: Mon Jan 18 14:05:58 2016 -0500
Committer: Daniel Kulp 
Committed: Mon Jan 18 14:07:34 2016 -0500

--
 .../java/org/apache/cxf/helpers/FileUtils.java  | 99 +++-
 .../transport/servlet/AbstractHTTPServlet.java  |  5 +
 .../transport/servlet/CXFNonSpringServlet.java  |  1 +
 3 files changed, 82 insertions(+), 23 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/1247e04e/core/src/main/java/org/apache/cxf/helpers/FileUtils.java
--
diff --git a/core/src/main/java/org/apache/cxf/helpers/FileUtils.java 
b/core/src/main/java/org/apache/cxf/helpers/FileUtils.java
index 773b821..59632e5 100644
--- a/core/src/main/java/org/apache/cxf/helpers/FileUtils.java
+++ b/core/src/main/java/org/apache/cxf/helpers/FileUtils.java
@@ -26,6 +26,8 @@ import java.io.FileReader;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.nio.file.Files;
+import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Locale;
@@ -38,6 +40,7 @@ import org.apache.cxf.common.util.SystemPropertyAction;
 public final class FileUtils {
 private static final int RETRY_SLEEP_MILLIS = 10;
 private static File defaultTempDir;
+private static Thread shutdownHook;
 private static final char[] ILLEGAL_CHARACTERS 
 = {'/', '\n', '\r', '\t', '\0', '\f', '`', '?', '*', '\\', '<', '>', 
'|', '\"', ':'};
 
@@ -84,13 +87,51 @@ public final class FileUtils {
 }
 }
 if (defaultTempDir == null) {
-defaultTempDir = createTmpDir(); 
+defaultTempDir = createTmpDir(false);
+if (shutdownHook != null) {
+Runtime.getRuntime().removeShutdownHook(shutdownHook); 
+}
+shutdownHook = new Thread() {
+@Override
+public void run() {
+removeDir(defaultTempDir, true);
+}
+};
+Runtime.getRuntime().addShutdownHook(shutdownHook); 
+
 }
 return defaultTempDir;
 }
 
+public static synchronized void maybeDeleteDefaultTempDir() {
+if (defaultTempDir != null) {
+Runtime.getRuntime().gc(); // attempt a garbage collect to close 
any files
+String files[] = defaultTempDir.list();
+if (files != null && files.length > 0) {
+//there are files in there, we need to attempt some more 
cleanup
+
+//HOWEVER, we don't want to just wipe out every file as 
something may be holding onto
+//the files for a reason. We'll re-run the gc and run the 
finalizers to see if 
+//anything gets cleaned up.
+Runtime.getRuntime().gc(); // attempt a garbage collect to 
close any files
+Runtime.getRuntime().runFinalization(); 
+Runtime.getRuntime().gc();
+files = defaultTempDir.list();
+}
+if (files == null || files.length == 0) {
+//all the files are gone, we can remove the shutdownhook and 
reset
+Runtime.getRuntime().removeShutdownHook(shutdownHook);
+shutdownHook.run();
+shutdownHook = null;
+defaultTempDir = null;
+}
+}
+}
+
 public static File createTmpDir() {
-int x = (int)(Math.random() * 100);
+return createTmpDir(true);
+}
+public static File createTmpDir(boolean addHook) {
 String s = SystemPropertyAction.getProperty("java.io.tmpdir");
 File checkExists = new File(s);
 if (!checkExists.exists() || !checkExists.isDirectory()) {
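Review bot: When files are still present after the second `defaultTempDir.list()` in maybeDeleteDefaultTempDir(), the method returns silently and leaves shutdownHook registered, so the classloader leak this change targets persists with no trace. Log at a fine or debug level how many entries remain, and add Javadoc saying the method is best-effort. The cleanup also depends on `Runtime.getRuntime().gc()` and `runFinalization()`, which are only hints to the JVM and can be disabled by configuration, so the documentation should not promise that open files get closed.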
@@ -110,28 +151,40 @@ public final class FileUtils {
+ "little usable 
temporary space.  Operations"
+ " requiring 
temporary files may fail.");
 }
-File f = new File(checkExists, "cxf-tmp-" + x);
-int count = 0;
-while

buildbot failure in ASF Buildbot on cxf-site-production

2016-01-18 Thread buildbot
The Buildbot has detected a new failure on builder cxf-site-production while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/cxf-site-production/builds/4860

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

BUILD FAILED: failed compile

Sincerely,
 -The Buildbot





buildbot success in ASF Buildbot on cxf-site-production

2016-01-18 Thread buildbot
The Buildbot has detected a restored build on builder cxf-site-production while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/cxf-site-production/builds/4859

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

Build succeeded!

Sincerely,
 -The Buildbot





[1/2] cxf-fediz git commit: Some test reshuffling

2016-01-18 Thread coheigea
Repository: cxf-fediz
Updated Branches:
  refs/heads/1.2.x-fixes 85258b076 -> 7584a0c30


Some test reshuffling


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/06d062b6
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/06d062b6
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/06d062b6

Branch: refs/heads/1.2.x-fixes
Commit: 06d062b6939cabdfe5275bbfe84337d37a9e8bd3
Parents: 85258b0
Author: Colm O hEigeartaigh 
Authored: Mon Jan 18 17:09:49 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 17:28:27 2016 +

--
 systests/cxf/pom.xml|   1 +
 .../apache/cxf/fediz/systests/idp/IdpTest.java  |   4 +-
 systests/jetty8/pom.xml |   1 +
 systests/spring/pom.xml |   1 +
 .../cxf/fediz/integrationtests/Spring2Test.java |   7 +
 .../fediz/integrationtests/AbstractTests.java   |  54 
 systests/tests/src/test/resources/entity.xml|  25 ++
 systests/tomcat7/pom.xml|   1 +
 .../EntityExpansionAttackTest.java  | 247 ---
 systests/tomcat7/src/test/resources/entity.xml  |  25 --
 10 files changed, 91 insertions(+), 275 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/06d062b6/systests/cxf/pom.xml
--
diff --git a/systests/cxf/pom.xml b/systests/cxf/pom.xml
index 2df0611..3052d4b 100644
--- a/systests/cxf/pom.xml
+++ b/systests/cxf/pom.xml
@@ -92,6 +92,7 @@
 ${project.version}
 test-jar
 test
+tests


 org.apache.tomcat.embed

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/06d062b6/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
--
diff --git 
a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java 
b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index f9948f5..3a70ca9 100644
--- a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -20,7 +20,6 @@
 package org.apache.cxf.fediz.systests.idp;
 
 import java.io.File;
-import java.io.FileInputStream;
 import java.net.URLEncoder;
 
 import org.w3c.dom.Document;
@@ -286,8 +285,7 @@ public class IdpTest {
 String wreply = "https://localhost:"; + getRpHttpsPort() + "/" + 
getServletContextName() + "/secure/fedservlet";
 url += "&wreply=" + wreply;
 
-FileInputStream is = new 
FileInputStream("src/test/resources/entity_wreq.xml");
-String entity = IOUtils.toString(is);
+String entity = 
IOUtils.toString(this.getClass().getClassLoader().getResource("entity_wreq.xml").openStream());
 String validWreq =
 "http://docs.oasis-open.org/ws-sx/ws-trust/200512\";>"
 + 
"&m;http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"

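Review bot: In the replacement for the FileInputStream lines, the stream from `getResource("entity_wreq.xml").openStream()` is passed straight to IOUtils.toString with no reference kept to close it, and getResource returns null when the resource is not on the test classpath, which would surface as a bare NullPointerException. Use getResourceAsStream, assert that the result is non-null with a message naming the resource, and close it in a finally block or try-with-resources.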
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/06d062b6/systests/jetty8/pom.xml
--
diff --git a/systests/jetty8/pom.xml b/systests/jetty8/pom.xml
index bf1e594..ba774a4 100644
--- a/systests/jetty8/pom.xml
+++ b/systests/jetty8/pom.xml
@@ -80,6 +80,7 @@
 ${project.version}
 test-jar
 test
+tests
 
 
 org.slf4j

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/06d062b6/systests/spring/pom.xml
--
diff --git a/systests/spring/pom.xml b/systests/spring/pom.xml
index 23f89bd..1d9e457 100644
--- a/systests/spring/pom.xml
+++ b/systests/spring/pom.xml
@@ -92,6 +92,7 @@
 ${project.version}
 test-jar
 test
+tests
 
 
 org.hsqldb

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/06d062b6/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
--
diff --git 
a/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
 
b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
index 3bb2aa5..ed1acfe 100644
--- 
a/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
+++ 
b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
@@ -107,4 +107,11 @@ public class Spring2Test extends AbstractTests {
 public void testRPLogout() throws Exception {
 
 }
+
+@Overr

[2/2] cxf-fediz git commit: Minor changes

2016-01-18 Thread coheigea
Minor changes


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/7584a0c3
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/7584a0c3
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/7584a0c3

Branch: refs/heads/1.2.x-fixes
Commit: 7584a0c30c9f8fddfff52560d8db884a73b00451
Parents: 06d062b
Author: Colm O hEigeartaigh 
Authored: Mon Jan 18 17:26:35 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 17:28:52 2016 +

--
 .../apache/cxf/fediz/integrationtests/AbstractTests.java| 9 ++---
 1 file changed, 2 insertions(+), 7 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7584a0c3/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
--
diff --git 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index 3648f5e..c008556 100644
--- 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -48,12 +48,7 @@ import org.junit.Assert;
 import org.junit.Test;
 
 public abstract class AbstractTests {
-
-static final String TEST_WREQ = 
-"http://docs.oasis-open.org/ws-sx/ws-trust/200512\";>"
-+ 
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV3.0"
-+ "";
-
+
 static {
 WSSConfig.init();
 }
@@ -626,7 +621,7 @@ public abstract class AbstractTests {
 
 @Test
 public void testEntityExpansionAttack() throws Exception {
-String url = "https://localhost:"; + getRpHttpsPort() + 
"/fedizhelloworld/secure/fedservlet";
+String url = "https://localhost:"; + getRpHttpsPort() + "/" + 
getServletContextName() + "/secure/fedservlet";
 String user = "alice";
 String password = "ecila";
 



[1/2] cxf-fediz git commit: Minor changes

2016-01-18 Thread coheigea
Repository: cxf-fediz
Updated Branches:
  refs/heads/master c330c42e1 -> 445e34089


Minor changes


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/445e3408
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/445e3408
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/445e3408

Branch: refs/heads/master
Commit: 445e3408989e49c628e1ba6e8322a375273c2da9
Parents: ca84387
Author: Colm O hEigeartaigh 
Authored: Mon Jan 18 17:26:35 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 17:26:46 2016 +

--
 .../org/apache/cxf/fediz/integrationtests/AbstractTests.java  | 7 +--
 1 file changed, 1 insertion(+), 6 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/445e3408/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
--
diff --git 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index 05d7c1c..c9245e4 100644
--- 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -49,11 +49,6 @@ import org.junit.Test;
 
 public abstract class AbstractTests {
 
-static final String TEST_WREQ =
-"http://docs.oasis-open.org/ws-sx/ws-trust/200512\";>"
-+ 
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV3.0"
-+ "";
-
 static {
 WSSConfig.init();
 }
@@ -643,7 +638,7 @@ public abstract class AbstractTests {
 
 @Test
 public void testEntityExpansionAttack() throws Exception {
-String url = "https://localhost:"; + getRpHttpsPort() + 
"/fedizhelloworld/secure/fedservlet";
+String url = "https://localhost:"; + getRpHttpsPort() + "/" + 
getServletContextName() + "/secure/fedservlet";
 String user = "alice";
 String password = "ecila";
 



[2/2] cxf-fediz git commit: Some test reshuffling

2016-01-18 Thread coheigea
Some test reshuffling


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/ca843877
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/ca843877
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/ca843877

Branch: refs/heads/master
Commit: ca843877ff476d45a0981cef5f4bad34f6d738ce
Parents: c330c42
Author: Colm O hEigeartaigh 
Authored: Mon Jan 18 17:09:49 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 17:26:46 2016 +

--
 systests/cxf/pom.xml|   1 +
 .../apache/cxf/fediz/systests/idp/IdpTest.java  |   4 +-
 systests/jetty8/pom.xml |   1 +
 systests/jetty9/pom.xml |   1 +
 systests/spring/pom.xml |   1 +
 .../cxf/fediz/integrationtests/Spring2Test.java |   8 +-
 .../fediz/integrationtests/AbstractTests.java   |  57 +
 systests/tests/src/test/resources/entity.xml|  25 ++
 systests/tomcat7/pom.xml|   1 +
 .../EntityExpansionAttackTest.java  | 247 ---
 systests/tomcat7/src/test/resources/entity.xml  |  25 --
 systests/tomcat8/pom.xml|   1 +
 .../EntityExpansionAttackTest.java  | 247 ---
 systests/tomcat8/src/test/resources/entity.xml  |  25 --
 14 files changed, 96 insertions(+), 548 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ca843877/systests/cxf/pom.xml
--
diff --git a/systests/cxf/pom.xml b/systests/cxf/pom.xml
index 8d00ae0..c8cf93d 100644
--- a/systests/cxf/pom.xml
+++ b/systests/cxf/pom.xml
@@ -92,6 +92,7 @@
 ${project.version}
 test-jar
 test
+tests


 org.apache.tomcat.embed

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ca843877/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
--
diff --git 
a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java 
b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index 3947229..601d7c7 100644
--- a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -20,7 +20,6 @@
 package org.apache.cxf.fediz.systests.idp;
 
 import java.io.File;
-import java.io.FileInputStream;
 import java.net.URLEncoder;
 
 import org.w3c.dom.Document;
@@ -294,8 +293,7 @@ public class IdpTest {
 String wreply = "https://localhost:"; + getRpHttpsPort() + "/" + 
getServletContextName() + "/secure/fedservlet";
 url += "&wreply=" + wreply;
 
-FileInputStream is = new 
FileInputStream("src/test/resources/entity_wreq.xml");
-String entity = IOUtils.toString(is);
+String entity = 
IOUtils.toString(this.getClass().getClassLoader().getResource("entity_wreq.xml").openStream());
 String validWreq =
 "http://docs.oasis-open.org/ws-sx/ws-trust/200512\";>"
 + 
"&m;http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ca843877/systests/jetty8/pom.xml
--
diff --git a/systests/jetty8/pom.xml b/systests/jetty8/pom.xml
index 7d7badd..6d85a6e 100644
--- a/systests/jetty8/pom.xml
+++ b/systests/jetty8/pom.xml
@@ -80,6 +80,7 @@
 ${project.version}
 test-jar
 test
+tests
 
 
 org.slf4j

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ca843877/systests/jetty9/pom.xml
--
diff --git a/systests/jetty9/pom.xml b/systests/jetty9/pom.xml
index 5e2c126..80fa755 100644
--- a/systests/jetty9/pom.xml
+++ b/systests/jetty9/pom.xml
@@ -74,6 +74,7 @@
 ${project.version}
 test-jar
 test
+tests
 
 
 org.slf4j

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ca843877/systests/spring/pom.xml
--
diff --git a/systests/spring/pom.xml b/systests/spring/pom.xml
index 9cb2940..54ad159 100644
--- a/systests/spring/pom.xml
+++ b/systests/spring/pom.xml
@@ -88,6 +88,7 @@
 ${project.version}
 test-jar
 test
+tests
 
 
 org.hsqldb

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ca843877/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
--

cxf-fediz git commit: Optional support for the pre-registered scopes for clients

2016-01-18 Thread sergeyb
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 6b400f10a -> c330c42e1


Optional support for the pre-registered scopes for clients


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/c330c42e
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/c330c42e
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/c330c42e

Branch: refs/heads/master
Commit: c330c42e10d07c63291e898ef4de6d09b210a05c
Parents: 6b400f1
Author: Sergey Beryozkin 
Authored: Mon Jan 18 17:11:21 2016 +
Committer: Sergey Beryozkin 
Committed: Mon Jan 18 17:11:21 2016 +

--
 .../service/oidc/ClientRegistrationService.java  | 12 +++-
 .../src/main/webapp/WEB-INF/applicationContext.xml   |  6 ++
 .../oidc/src/main/webapp/WEB-INF/data-manager.xml| 15 ---
 3 files changed, 25 insertions(+), 8 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c330c42e/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
--
diff --git 
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
 
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
index af0dc7f..66932eb 100644
--- 
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
+++ 
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
@@ -19,6 +19,7 @@
 
 package org.apache.cxf.fediz.service.oidc;
 
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
@@ -52,7 +53,8 @@ public class ClientRegistrationService {
 private OAuthDataManager manager;
 private Map homeRealms = new LinkedHashMap();
 private boolean protectIdTokenWithClientSecret;
-
+private Map clientScopes;
+
 @Context
 private SecurityContext sc;
 
@@ -195,6 +197,10 @@ public class ClientRegistrationService {
 
 newClient.setRegisteredAt(System.currentTimeMillis() / 1000);
 
+if (clientScopes != null && !clientScopes.isEmpty()) {
+newClient.setRegisteredScopes(new 
ArrayList(clientScopes.keySet()));
+}
+
 return registerNewClient(newClient);
 }
 
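Review bot: In the `if (clientScopes != null && !clientScopes.isEmpty())` block, every newly registered client receives the full `clientScopes.keySet()` as its registered scopes, so all clients end up with the same, maximal scope set. Consider letting the registration request select a subset that is validated against `clientScopes`, and passing only that subset to `setRegisteredScopes`, so that a client's pre-registered scopes follow least privilege.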
@@ -256,4 +262,8 @@ public class ClientRegistrationService {
 public void setProtectIdTokenWithClientSecret(boolean 
protectIdTokenWithClientSecret) {
 this.protectIdTokenWithClientSecret = protectIdTokenWithClientSecret;
 }
+
+public void setClientScopes(Map clientScopes) {
+this.clientScopes = clientScopes;
+}
 }
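Review bot: `setClientScopes` stores the caller's map by reference and carries no Javadoc describing the keys and values, while the only use visible in this class is `clientScopes.keySet()`. Document the expected shape (scope name as key, and what the value is for), and consider copying the map on assignment so that later changes to the configured instance cannot alter what new clients are registered with.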

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c330c42e/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
--
diff --git a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml 
b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
index 9bdf677..baa2861 100644
--- a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
@@ -40,6 +40,9 @@
 
  
  
+ 
  
 
 
@@ -91,6 +94,9 @@
 
 

+   

   
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c330c42e/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
--
diff --git a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml 
b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
index da299c0..7804d38 100644
--- a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
@@ -19,9 +19,12 @@
 -->
 http://www.springframework.org/schema/beans";
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+xmlns:util="http://www.springframework.org/schema/util";
 xsi:schemaLocation="
 http://www.springframework.org/schema/beans
 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+http://www.springframework.org/schema/util 
+http://www.springframework.org/schema/util/spring-util.xsd
 ">
 
 
@@ -29,15 +32,13 @@
 
 
 
+
+
+
+
 
-
+
 



cxf-fediz git commit: [FEDIZ-145] Adding Swagger UI for REST API

2016-01-18 Thread jbernhardt
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 33c86fc33 -> 6b400f10a


[FEDIZ-145] Adding Swagger UI for REST API


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/6b400f10
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/6b400f10
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/6b400f10

Branch: refs/heads/master
Commit: 6b400f10aaafdd0573bc9028c1a482f03e0ddfe2
Parents: 33c86fc
Author: Jan Bernhardt 
Authored: Mon Jan 18 17:55:48 2016 +0100
Committer: Jan Bernhardt 
Committed: Mon Jan 18 18:02:47 2016 +0100

--
 services/idp/pom.xml|  82 +-
 .../idp/src/main/webapp/WEB-INF/idp-servlet.xml |   3 +
 .../main/webapp/resources/swagger/index.html| 156 +++
 3 files changed, 235 insertions(+), 6 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6b400f10/services/idp/pom.xml
--
diff --git a/services/idp/pom.xml b/services/idp/pom.xml
index baa33f1..c1fa70f 100644
--- a/services/idp/pom.xml
+++ b/services/idp/pom.xml
@@ -28,6 +28,11 @@
 fediz-idp
 Apache Fediz IDP
 war
+
+
+2.1.0
+
+
 
 
 
@@ -242,12 +247,6 @@
swagger-jaxrs
1.5.6
 
-
-   org.webjars
-   swagger-ui
-   2.1.0
-   provided
-   
 
 
 
@@ -337,6 +336,77 @@
 
 
 
+org.apache.maven.plugins
+maven-dependency-plugin
+
+
+generate-resources
+
+unpack
+
+
+
+
+org.webjars
+swagger-ui
+${swagger-ui.version}
+true
+
${project.build.directory}/swagger-ui
+**/*.gz
+
+
+
+
+
+
+
+org.apache.maven.plugins
+maven-resources-plugin
+
+
+copy-swagger-resources-in-place
+process-resources
+
+copy-resources
+
+
+
${project.build.directory}/${project.build.finalName}/resources/swagger
+
+
+
${project.build.directory}/swagger-ui/META-INF/resources/webjars/swagger-ui/${swagger-ui.version}
+
+index.html
+swagger-ui.min.js
+
+
+
+
+
+
+
+
+org.apache.maven.plugins
+maven-antrun-plugin
+true
+
+
+addMatrixParamSupport
+process-resources
+
+run
+
+
+
+
+
+
+
+
+
+
 org.codehaus.mojo
 build-helper-maven-plugin
 
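Review bot: The `copy-swagger-resources-in-place` execution and the `addMatrixParamSupport` antrun execution are both bound to `process-resources`, so the outcome depends on the order in which the two plugins are declared in this POM. If the antrun step edits files that `copy-resources` places under `resources/swagger`, add a comment stating the ordering requirement, or bind antrun to a later phase, so that reordering the plugin list cannot silently ship the unpatched UI. Because the step modifies a third-party artifact selected by `${swagger-ui.version}`, it would also help to fail the build when the text to be patched is not found after a version bump.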

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6b400f10/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml
--
diff --git a/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml 
b/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml
index 003969a..638a9c8 100644
--- a/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml
+++ b/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml
@@ -37,6 +37,9 @@
 
 
 
+
+
+
 
 
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6b400f10/services/idp/src/main/webapp/resources/swagger/index.html
--
diff --git a/services/idp/src/main/webapp/resources/swagger/index.html 
b/services/idp/src/main/webapp/resources/s

cxf git commit: Making sure the pre-registered client scopes can be accumulated with the requested scopes

2016-01-18 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 2cc284874 -> fada1bbc7


Making sure the pre-registered client scopes can be accumulated with the 
requested scopes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/fada1bbc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/fada1bbc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/fada1bbc

Branch: refs/heads/3.1.x-fixes
Commit: fada1bbc76067b5a1781bbd10773c2ff32571315
Parents: 2cc2848
Author: Sergey Beryozkin 
Authored: Mon Jan 18 16:52:44 2016 +
Committer: Sergey Beryozkin 
Committed: Mon Jan 18 16:54:07 2016 +

--
 .../oauth2/grants/refresh/RefreshTokenGrantHandler.java |  6 ++
 .../oauth2/services/DirectAuthorizationService.java |  6 ++
 .../oauth2/services/RedirectionBasedGrantService.java   |  8 +++-
 .../apache/cxf/rs/security/oauth2/utils/OAuthUtils.java | 12 +++-
 4 files changed, 30 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/fada1bbc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
index f64394b..3553736 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
@@ -35,6 +35,7 @@ public class RefreshTokenGrantHandler implements 
AccessTokenGrantHandler {
 
 private OAuthDataProvider dataProvider;
 private boolean partialMatchScopeValidation;
+private boolean useAllClientScopes;
 
 public void setDataProvider(OAuthDataProvider dataProvider) {
 this.dataProvider = dataProvider;
@@ -49,6 +50,7 @@ public class RefreshTokenGrantHandler implements 
AccessTokenGrantHandler {
 String refreshToken = params.getFirst(OAuthConstants.REFRESH_TOKEN);
 List requestedScopes = OAuthUtils.getRequestedScopes(client,
 
params.getFirst(OAuthConstants.SCOPE),
+useAllClientScopes,
 partialMatchScopeValidation);
 
 return dataProvider.refreshAccessToken(client, refreshToken, 
requestedScopes);
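Review bot: Passing `useAllClientScopes` to `OAuthUtils.getRequestedScopes` on the refresh path means that, with the flag on, the `requestedScopes` handed to `dataProvider.refreshAccessToken` can carry the client's pre-registered scopes in addition to what the request asked for, as the commit message describes. RFC 6749 section 6 does not allow a refresh request to include scopes beyond the original grant, so this call relies on every `OAuthDataProvider` implementation to cap the list against the refresh token's own scopes. Please state that contract where the flag is documented, or intersect with the refresh token's scopes before the call.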
@@ -57,4 +59,8 @@ public class RefreshTokenGrantHandler implements 
AccessTokenGrantHandler {
 public void setPartialMatchScopeValidation(boolean 
partialMatchScopeValidation) {
 this.partialMatchScopeValidation = partialMatchScopeValidation;
 }
+
+public void setUseAllClientScopes(boolean useAllClientScopes) {
+this.useAllClientScopes = useAllClientScopes;
+}
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/fada1bbc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
index 26212d8..f88a85a 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
@@ -45,6 +45,7 @@ import org.apache.cxf.security.SecurityContext;
 public class DirectAuthorizationService extends AbstractOAuthService {
 private SubjectCreator subjectCreator;
 private boolean partialMatchScopeValidation;
+private boolean useAllClientScopes;
 @POST
 @Consumes("application/x-www-form-urlencoded")
 @Produces("text/html")
@@ -62,6 +63,7 @@ public class DirectAuthorizationService extends 
AbstractOAuthService {
 String providedScope = params.getFirst(OAuthConstants.SCOPE);
 List requestedScope = OAuthUtils.getRequestedScopes(client, 
providedScope, 
+   useAllClientScopes,

partialMatchScopeValidation);
 
 reg.setRequestedScope(requestedScope);
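Review bot: `useAllClientScopes` and `partialMatchScopeValidation` are now two adjacent `boolean` arguments of `OAuthUtils.getRequestedScopes`, so a call site that transposes them still compiles and quietly changes scope handling. Consider keeping the previous three-argument form as an overload that delegates with `false`, and add a test that toggles each flag independently so that a swapped call is caught.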

cxf git commit: Making sure the pre-registered client scopes can be accumulated with the requested scopes

2016-01-18 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/master 2d5bc09bd -> 6cc93fb07


Making sure the pre-registered client scopes can be accumulated with the 
requested scopes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6cc93fb0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6cc93fb0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6cc93fb0

Branch: refs/heads/master
Commit: 6cc93fb07362027d09967932776821352d88b62b
Parents: 2d5bc09
Author: Sergey Beryozkin 
Authored: Mon Jan 18 16:52:44 2016 +
Committer: Sergey Beryozkin 
Committed: Mon Jan 18 16:52:44 2016 +

--
 .../oauth2/grants/refresh/RefreshTokenGrantHandler.java |  6 ++
 .../oauth2/services/DirectAuthorizationService.java |  6 ++
 .../oauth2/services/RedirectionBasedGrantService.java   |  8 +++-
 .../apache/cxf/rs/security/oauth2/utils/OAuthUtils.java | 12 +++-
 4 files changed, 30 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/6cc93fb0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
index f64394b..3553736 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
@@ -35,6 +35,7 @@ public class RefreshTokenGrantHandler implements 
AccessTokenGrantHandler {
 
 private OAuthDataProvider dataProvider;
 private boolean partialMatchScopeValidation;
+private boolean useAllClientScopes;
 
 public void setDataProvider(OAuthDataProvider dataProvider) {
 this.dataProvider = dataProvider;
@@ -49,6 +50,7 @@ public class RefreshTokenGrantHandler implements 
AccessTokenGrantHandler {
 String refreshToken = params.getFirst(OAuthConstants.REFRESH_TOKEN);
 List requestedScopes = OAuthUtils.getRequestedScopes(client,
 
params.getFirst(OAuthConstants.SCOPE),
+useAllClientScopes,
 partialMatchScopeValidation);
 
 return dataProvider.refreshAccessToken(client, refreshToken, 
requestedScopes);
@@ -57,4 +59,8 @@ public class RefreshTokenGrantHandler implements 
AccessTokenGrantHandler {
 public void setPartialMatchScopeValidation(boolean 
partialMatchScopeValidation) {
 this.partialMatchScopeValidation = partialMatchScopeValidation;
 }
+
+public void setUseAllClientScopes(boolean useAllClientScopes) {
+this.useAllClientScopes = useAllClientScopes;
+}
 }
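Review bot: The new `setUseAllClientScopes` setter has no Javadoc, and the name alone does not say whether the client's registered scopes replace the scopes in the request or are added to them. A short comment stating the behaviour, and that the field defaults to `false`, would help anyone wiring this handler from configuration.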

http://git-wip-us.apache.org/repos/asf/cxf/blob/6cc93fb0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
index 26212d8..f88a85a 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
@@ -45,6 +45,7 @@ import org.apache.cxf.security.SecurityContext;
 public class DirectAuthorizationService extends AbstractOAuthService {
 private SubjectCreator subjectCreator;
 private boolean partialMatchScopeValidation;
+private boolean useAllClientScopes;
 @POST
 @Consumes("application/x-www-form-urlencoded")
 @Produces("text/html")
@@ -62,6 +63,7 @@ public class DirectAuthorizationService extends 
AbstractOAuthService {
 String providedScope = params.getFirst(OAuthConstants.SCOPE);
 List requestedScope = OAuthUtils.getRequestedScopes(client, 
providedScope, 
+   useAllClientScopes,

partialMatchScopeValidation);
 
 reg.setRequestedScope(requestedScope);
@@ -1

svn commit: r1725300 - /cxf/web/pom.xml

2016-01-18 Thread dkulp
Author: dkulp
Date: Mon Jan 18 16:20:57 2016
New Revision: 1725300

URL: http://svn.apache.org/viewvc?rev=1725300&view=rev
Log:
Update to 3.1.4 of cxf

Modified:
cxf/web/pom.xml

Modified: cxf/web/pom.xml
URL: 
http://svn.apache.org/viewvc/cxf/web/pom.xml?rev=1725300&r1=1725299&r2=1725300&view=diff
==
--- cxf/web/pom.xml (original)
+++ cxf/web/pom.xml Mon Jan 18 16:20:57 2016
@@ -28,11 +28,11 @@
 
 org.apache.cxf
 cxf-parent
-3.1.1
+3.1.4
 
 
 
-3.1.1
+3.1.4
 
 
 




buildbot failure in ASF Buildbot on cxf-site-production

2016-01-18 Thread buildbot
The Buildbot has detected a new failure on builder cxf-site-production while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/cxf-site-production/builds/4857

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

BUILD FAILED: failed compile

Sincerely,
 -The Buildbot





cxf git commit: Only create the TokenReplayCache if it is required

2016-01-18 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 8bf60be53 -> f976a73c4


Only create the TokenReplayCache if it is required


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f976a73c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f976a73c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f976a73c

Branch: refs/heads/3.0.x-fixes
Commit: f976a73c4ac47f419462c8e091c8fd541593b912
Parents: 8bf60be
Author: Colm O hEigeartaigh 
Authored: Mon Jan 18 15:28:40 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 15:29:40 2016 +

--
 .../saml/sso/AbstractRequestAssertionConsumerHandler.java| 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/f976a73c/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
--
diff --git 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
index 119556d..16afc2a 100644
--- 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
+++ 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
@@ -322,7 +322,9 @@ public abstract class 
AbstractRequestAssertionConsumerHandler extends AbstractSS
 
ssoResponseValidator.setEnforceAssertionsSigned(enforceAssertionsSigned);
 
ssoResponseValidator.setEnforceResponseSigned(enforceResponseSigned);
 ssoResponseValidator.setEnforceKnownIssuer(enforceKnownIssuer);
-ssoResponseValidator.setReplayCache(getReplayCache());
+if (postBinding) {
+ssoResponseValidator.setReplayCache(getReplayCache());
+}
 
 return ssoResponseValidator.validateSamlResponse(samlResponse, 
postBinding);
 } catch (WSSecurityException ex) {
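Review bot: With `setReplayCache` now inside `if (postBinding)`, the validator has no replay cache for any non-POST binding, so correctness depends on `validateSamlResponse(samlResponse, postBinding)` consulting the cache only when `postBinding` is true. Please confirm that a null cache on the non-POST path means the check does not apply there, rather than a replay check being skipped, and add a short comment at the `if` recording why the cache is tied to the POST binding.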



cxf git commit: Only create the TokenReplayCache if it is required

2016-01-18 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 99caed075 -> 2cc284874


Only create the TokenReplayCache if it is required


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2cc28487
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2cc28487
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2cc28487

Branch: refs/heads/3.1.x-fixes
Commit: 2cc28487417260c4ae0846f4b86c93d07ee1ac41
Parents: 99caed0
Author: Colm O hEigeartaigh 
Authored: Mon Jan 18 15:28:40 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 15:29:04 2016 +

--
 .../saml/sso/AbstractRequestAssertionConsumerHandler.java| 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/2cc28487/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
--
diff --git 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
index 2de61ae..3c110a1 100644
--- 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
+++ 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
@@ -317,7 +317,9 @@ public abstract class 
AbstractRequestAssertionConsumerHandler extends AbstractSS
 
ssoResponseValidator.setEnforceAssertionsSigned(enforceAssertionsSigned);
 
ssoResponseValidator.setEnforceResponseSigned(enforceResponseSigned);
 ssoResponseValidator.setEnforceKnownIssuer(enforceKnownIssuer);
-ssoResponseValidator.setReplayCache(getReplayCache());
+if (postBinding) {
+ssoResponseValidator.setReplayCache(getReplayCache());
+}
 
 return ssoResponseValidator.validateSamlResponse(samlResponse, 
postBinding);
 } catch (WSSecurityException ex) {



cxf git commit: Only create the TokenReplayCache if it is required

2016-01-18 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/master 6c7cbe317 -> 2d5bc09bd


Only create the TokenReplayCache if it is required


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2d5bc09b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2d5bc09b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2d5bc09b

Branch: refs/heads/master
Commit: 2d5bc09bdff68241e6f597ea2a5de85f969b8619
Parents: 6c7cbe3
Author: Colm O hEigeartaigh 
Authored: Mon Jan 18 15:28:40 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 15:28:40 2016 +

--
 .../saml/sso/AbstractRequestAssertionConsumerHandler.java| 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/2d5bc09b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
--
diff --git 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
index 2de61ae..3c110a1 100644
--- 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
+++ 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
@@ -317,7 +317,9 @@ public abstract class 
AbstractRequestAssertionConsumerHandler extends AbstractSS
 
ssoResponseValidator.setEnforceAssertionsSigned(enforceAssertionsSigned);
 
ssoResponseValidator.setEnforceResponseSigned(enforceResponseSigned);
 ssoResponseValidator.setEnforceKnownIssuer(enforceKnownIssuer);
-ssoResponseValidator.setReplayCache(getReplayCache());
+if (postBinding) {
+ssoResponseValidator.setReplayCache(getReplayCache());
+}
 
 return ssoResponseValidator.validateSamlResponse(samlResponse, 
postBinding);
 } catch (WSSecurityException ex) {
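Review bot: The diffstat lists only `AbstractRequestAssertionConsumerHandler.java`, so nothing in this commit exercises the new `if (postBinding)` branch. A test that runs the handler with `postBinding` false and asserts that `getReplayCache()` is not invoked, together with one that replays a POST-binding response and expects rejection, would pin both sides of the condition.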



buildbot success in ASF Buildbot on cxf-site-production

2016-01-18 Thread buildbot
The Buildbot has detected a restored build on builder cxf-site-production while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/cxf-site-production/builds/4856

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

Build succeeded!

Sincerely,
 -The Buildbot





[1/2] cxf git commit: Recording .gitmergeinfo Changes

2016-01-18 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 8858a63be -> 8bf60be53


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8bf60be5
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8bf60be5
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8bf60be5

Branch: refs/heads/3.0.x-fixes
Commit: 8bf60be532047d88cd930e9b4317ffab625a4171
Parents: 3863a2a
Author: Colm O hEigeartaigh 
Authored: Mon Jan 18 14:45:09 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 14:45:09 2016 +

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/8bf60be5/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index aa67a5b..790543e 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -503,6 +503,7 @@ B d5d87b8c7949bd0d8d8d5b5d5dc435e14aaf8fa4
 B d5ea460f20d60c0496c70a2cf0b7f0484d48c806
 B d649aed452bb668ec575bd140c7a085e12b4b255
 B d68f140c76cf7e390dfce134ea5c5d97f129e65d
+B d6ff1564248ae7926ab105f6f56018acdc6494b3
 B d8a6bdbd2c84b3fa0187de935e294d5f66974e46
 B d9f624e2eca8affa20243583ace087a8cbba3ac8
 B da4ccb008fcad909025cab0a00c56c00728c195b



[2/2] cxf git commit: Enforce all Assertions must be signed in some way by default

2016-01-18 Thread coheigea
Enforce all Assertions must be signed in some way by default


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3863a2a7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3863a2a7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3863a2a7

Branch: refs/heads/3.0.x-fixes
Commit: 3863a2a71d6398491447c2f024f1595fbb921b34
Parents: 8858a63
Author: Colm O hEigeartaigh 
Authored: Mon Jan 18 14:43:41 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 14:45:09 2016 +

--
 .../saml/sso/SAMLSSOResponseValidator.java  |  8 ++--
 .../saml/sso/CombinedValidatorTest.java |  1 +
 .../saml/sso/SAMLSSOResponseValidatorTest.java  | 49 
 3 files changed, 54 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/3863a2a7/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
--
diff --git 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 8da52c8..70c659f 100644
--- 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -50,7 +50,8 @@ public class SAMLSSOResponseValidator {
 private TokenReplayCache replayCache;
 
 /**
- * Enforce that Assertions must be signed if the POST binding was used. 
The default is true.
+ * Enforce that Assertions contained in the Response must be signed (if 
the Response itself is not
+ * signed). The default is true.
  */
 public void setEnforceAssertionsSigned(boolean enforceAssertionsSigned) {
 this.enforceAssertionsSigned = enforceAssertionsSigned;
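Review bot: The revised Javadoc says assertions must be signed "if the Response itself is not signed", but the check changed later in this patch keys on the `enforceResponseSigned` setting (`!enforceResponseSigned && enforceAssertionsSigned && ...`), not on whether the Response actually carried a signature. Wording along the lines of "when `enforceResponseSigned` is false" would match the code and make the interaction between the two setters explicit.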
@@ -108,9 +109,8 @@ public class SAMLSSOResponseValidator {
 }
 validateIssuer(assertion.getIssuer());
 
-if (enforceAssertionsSigned && postBinding && 
assertion.getSignature() == null) {
-LOG.fine("If the HTTP Post binding is used to deliver the 
Response, "
- + "the enclosed assertions must be signed");
+if (!enforceResponseSigned && enforceAssertionsSigned && 
assertion.getSignature() == null) {
+LOG.fine("The enclosed assertions in the SAML Response must be 
signed");
 throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, 
"invalidSAMLsecurity");
 }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/3863a2a7/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
--
diff --git 
a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
 
b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
index 3150a0e..261a630 100644
--- 
a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
+++ 
b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
@@ -168,6 +168,7 @@ public class CombinedValidatorTest extends org.junit.Assert 
{
 
 // Test SSO validation
 SAMLSSOResponseValidator ssoValidator = new SAMLSSOResponseValidator();
+ssoValidator.setEnforceAssertionsSigned(false);
 ssoValidator.setIssuerIDP("http://cxf.apache.org/issuer";);
 ssoValidator.setAssertionConsumerURL("http://recipient.apache.org";);
 ssoValidator.setClientAddress("http://apache.org";);
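Review bot: `ssoValidator.setEnforceAssertionsSigned(false)` switches off the default this commit introduces, and the test gives no reason for doing so. Add a comment explaining why the assertion in this test is unsigned, or sign it, so that the test continues to cover the default configuration instead of the opt-out.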

http://git-wip-us.apache.org/repos/asf/cxf/blob/3863a2a7/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
--
diff --git 
a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
 
b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
index 7855c29a..08814bb 100644
--- 
a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
+++ 
b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
@@ -77,6 +77,7 @@ public class SAMLSSOResponseValidatorTest extends 
org.junit.Assert {
 
 // Validate the Response
 SAMLSSOResponseValidator validator = new SAMLSSOResponseVali

cxf git commit: Enforce all Assertions must be signed in some way by default

2016-01-18 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes d6ff15642 -> 99caed075


Enforce all Assertions must be signed in some way by default


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/99caed07
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/99caed07
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/99caed07

Branch: refs/heads/3.1.x-fixes
Commit: 99caed07534ab002672c54f2bff1a3fa31152c57
Parents: d6ff156
Author: Colm O hEigeartaigh 
Authored: Mon Jan 18 14:43:41 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 14:44:38 2016 +

--
 .../saml/sso/SAMLSSOResponseValidator.java  |  8 ++--
 .../saml/sso/CombinedValidatorTest.java |  1 +
 .../saml/sso/SAMLSSOResponseValidatorTest.java  | 49 
 3 files changed, 54 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/99caed07/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
--
diff --git 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 3ee7005..e072817 100644
--- 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -50,7 +50,8 @@ public class SAMLSSOResponseValidator {
 private TokenReplayCache replayCache;
 
 /**
- * Enforce that Assertions must be signed if the POST binding was used. 
The default is true.
+ * Enforce that Assertions contained in the Response must be signed (if 
the Response itself is not
+ * signed). The default is true.
  */
 public void setEnforceAssertionsSigned(boolean enforceAssertionsSigned) {
 this.enforceAssertionsSigned = enforceAssertionsSigned;
@@ -108,9 +109,8 @@ public class SAMLSSOResponseValidator {
 }
 validateIssuer(assertion.getIssuer());
 
-if (enforceAssertionsSigned && postBinding && 
assertion.getSignature() == null) {
-LOG.fine("If the HTTP Post binding is used to deliver the 
Response, "
- + "the enclosed assertions must be signed");
+if (!enforceResponseSigned && enforceAssertionsSigned && 
assertion.getSignature() == null) {
+LOG.fine("The enclosed assertions in the SAML Response must be 
signed");
 throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, 
"invalidSAMLsecurity");
 }
 
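Review bot: Removing `postBinding` from the condition changes behaviour on a fixes branch: a deployment that receives unsigned assertions over a non-POST binding with `enforceResponseSigned` false now fails with `invalidSAMLsecurity`. That matches the commit subject, but it deserves a release note naming `setEnforceAssertionsSigned(false)` as the opt-out. The rejection is also logged with `LOG.fine`, which many production logging configurations suppress; a higher level would make these new failures easier to diagnose.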

http://git-wip-us.apache.org/repos/asf/cxf/blob/99caed07/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
--
diff --git 
a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
 
b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
index bba459e..cb684ed 100644
--- 
a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
+++ 
b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
@@ -168,6 +168,7 @@ public class CombinedValidatorTest extends org.junit.Assert 
{
 
 // Test SSO validation
 SAMLSSOResponseValidator ssoValidator = new SAMLSSOResponseValidator();
+ssoValidator.setEnforceAssertionsSigned(false);
 ssoValidator.setIssuerIDP("http://cxf.apache.org/issuer";);
 ssoValidator.setAssertionConsumerURL("http://recipient.apache.org";);
 ssoValidator.setClientAddress("http://apache.org";);

http://git-wip-us.apache.org/repos/asf/cxf/blob/99caed07/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
--
diff --git 
a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
 
b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
index 9d886c3..ed4e5e2 100644
--- 
a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
+++ 
b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
@@ -77,6 +77,7 @@ public class SAMLSSOResponseValidatorTest extends 
org.junit.Assert {
 
 // Validate

cxf git commit: Enforce all Assertions must be signed in some way by default

2016-01-18 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/master 6e7b79f6a -> 6c7cbe317


Enforce all Assertions must be signed in some way by default


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6c7cbe31
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6c7cbe31
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6c7cbe31

Branch: refs/heads/master
Commit: 6c7cbe317d468efd81e538319152de9fba57e1e3
Parents: 6e7b79f
Author: Colm O hEigeartaigh 
Authored: Mon Jan 18 14:43:41 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 14:43:41 2016 +

--
 .../saml/sso/SAMLSSOResponseValidator.java  |  8 ++--
 .../saml/sso/CombinedValidatorTest.java |  1 +
 .../saml/sso/SAMLSSOResponseValidatorTest.java  | 49 
 3 files changed, 54 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/6c7cbe31/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
--
diff --git 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 3ee7005..e072817 100644
--- 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -50,7 +50,8 @@ public class SAMLSSOResponseValidator {
 private TokenReplayCache replayCache;
 
 /**
- * Enforce that Assertions must be signed if the POST binding was used. 
The default is true.
+ * Enforce that Assertions contained in the Response must be signed (if 
the Response itself is not
+ * signed). The default is true.
  */
 public void setEnforceAssertionsSigned(boolean enforceAssertionsSigned) {
 this.enforceAssertionsSigned = enforceAssertionsSigned;
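Review bot: The updated javadoc on `setEnforceAssertionsSigned` does not mention that the check no longer depends on the binding. The old text tied it to the POST binding, so anyone who relied on unsigned assertions over another binding gets a behaviour change while the text still reads `The default is true`; state that explicitly here so the opt-out is discoverable.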
@@ -108,9 +109,8 @@ public class SAMLSSOResponseValidator {
 }
 validateIssuer(assertion.getIssuer());
 
-if (enforceAssertionsSigned && postBinding && 
assertion.getSignature() == null) {
-LOG.fine("If the HTTP Post binding is used to deliver the 
Response, "
- + "the enclosed assertions must be signed");
+if (!enforceResponseSigned && enforceAssertionsSigned && 
assertion.getSignature() == null) {
+LOG.fine("The enclosed assertions in the SAML Response must be 
signed");
 throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, 
"invalidSAMLsecurity");
 }
 
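Review bot: The new condition tests the configuration flag `enforceResponseSigned`, not whether the Response in hand actually carried a verified signature, while the javadoc in the previous hunk describes the check as applying "if the Response itself is not signed". With `enforceResponseSigned` set, an assertion with `getSignature() == null` is accepted here on the assumption that another component has already rejected unsigned Responses, and nothing in this hunk guarantees that ordering. Consider passing the actual signed state of the Response into this validator, or documenting that it must only run after the Response signature check.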

http://git-wip-us.apache.org/repos/asf/cxf/blob/6c7cbe31/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
--
diff --git 
a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
 
b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
index bba459e..cb684ed 100644
--- 
a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
+++ 
b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
@@ -168,6 +168,7 @@ public class CombinedValidatorTest extends org.junit.Assert 
{
 
 // Test SSO validation
 SAMLSSOResponseValidator ssoValidator = new SAMLSSOResponseValidator();
+ssoValidator.setEnforceAssertionsSigned(false);
 ssoValidator.setIssuerIDP("http://cxf.apache.org/issuer";);
 ssoValidator.setAssertionConsumerURL("http://recipient.apache.org";);
 ssoValidator.setClientAddress("http://apache.org";);
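Review bot: With `setEnforceAssertionsSigned(false)` added ahead of the other setters, this combined test no longer exercises the validator in its default configuration. A companion case that leaves the setting untouched and expects the unsigned assertion to be rejected would pin the new default in this test class as well.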

http://git-wip-us.apache.org/repos/asf/cxf/blob/6c7cbe31/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
--
diff --git 
a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
 
b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
index 9d886c3..ed4e5e2 100644
--- 
a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
+++ 
b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
@@ -77,6 +77,7 @@ public class SAMLSSOResponseValidatorTest extends 
org.junit.Assert {
 
 // Validate the Respo

[5/6] cxf-fediz git commit: Updating Passive Requestor endpoint log to warning

2016-01-18 Thread coheigea
Updating Passive Requestor endpoint log to warning


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/5b6540d4
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/5b6540d4
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/5b6540d4

Branch: refs/heads/1.2.x-fixes
Commit: 5b6540d4f2ef06972e349ce8d3f30d19c8f162e7
Parents: 8758c49
Author: Colm O hEigeartaigh 
Authored: Mon Jan 18 13:40:59 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 13:47:12 2016 +

--
 .../org/apache/cxf/fediz/service/idp/beans/STSClientAction.java| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5b6540d4/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
--
diff --git 
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
 
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
index 1e316b1..3f9f6c6 100644
--- 
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
+++ 
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
@@ -307,7 +307,7 @@ public class STSClientAction {
 private void validateApplicationEndpoint(Application serviceConfig, 
RequestContext context) 
 throws ProcessingException {
 if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == 
null) {
-LOG.info("No passive requestor endpoint constraint is configured 
for the application. "
+LOG.warn("No passive requestor endpoint constraint is configured 
for the application. "
  + "This could lead to a malicious redirection attack");
 return;
 }
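Review bot: The message raised to `LOG.warn` does not say which application is missing the constraint, so on an IdP serving several applications the warning cannot be acted on. Include an identifier taken from `serviceConfig` in the message.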



[4/6] cxf-fediz git commit: Adding some tests

2016-01-18 Thread coheigea
Adding some tests

Conflicts:

systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java

systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqTest.java


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/8758c493
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/8758c493
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/8758c493

Branch: refs/heads/1.2.x-fixes
Commit: 8758c4930a505b5c0f39d76e8b4977914eed077f
Parents: ced3e76
Author: Colm O hEigeartaigh 
Authored: Mon Dec 14 16:36:49 2015 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 13:47:04 2016 +

--
 .../integrationtests/AbstractAttackTests.java   | 229 +++
 .../fediz/integrationtests/AbstractTests.java   | 130 +--
 2 files changed, 241 insertions(+), 118 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/8758c493/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java
--
diff --git 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java
 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java
new file mode 100644
index 000..69e3f50
--- /dev/null
+++ 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java
@@ -0,0 +1,229 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+import java.net.URLEncoder;
+
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.wss4j.dom.WSSConfig;
+import org.junit.Assert;
+import org.junit.Test;
+
+import com.gargoylesoftware.htmlunit.CookieManager;
+import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
+import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.html.DomElement;
+import com.gargoylesoftware.htmlunit.html.DomNodeList;
+import com.gargoylesoftware.htmlunit.html.HtmlForm;
+import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
+
+/**
+ * Some negative/attack tests for the IdP/RP
+ */
+public abstract class AbstractAttackTests {
+
+static final String TEST_WREQ = 
+"http://docs.oasis-open.org/ws-sx/ws-trust/200512\";>"
++ 
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV3.0"
++ "";
+
+static {
+WSSConfig.init();
+}
+
+public AbstractAttackTests() {
+super();
+}
+
+public abstract String getServletContextName();
+
+public abstract String getIdpHttpsPort();
+
+public abstract String getRpHttpsPort();
+
+@Test
+public void testAliceModifiedSignature() throws Exception {
+String url = "https://localhost:"; + getRpHttpsPort() + "/" + 
getServletContextName() 
++ "/secure/fedservlet";
+String user = "alice";
+String password = "ecila";
+
+// Get the initial token
+CookieManager cookieManager = new CookieManager();
+final WebClient webClient = new WebClient();
+webClient.setCookieManager(cookieManager);
+webClient.getOptions().setUseInsecureSSL(true);
+webClient.getCredentialsProvider().setCredentials(
+new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+new UsernamePasswordCredentials(user, password));
+
+webClient.getOptions().setJavaScriptEnabled(false);
+final HtmlPage idpPage = webClient.getPage(url);
+webClient.getOptions().setJavaScriptEnabled(true);
+Assert.assertEquals("IDP SignIn Response Form", 
idpPage.getTitleText());
+
+// Parse the form to get the token (wresult)
+DomNodeList results = 
idpPage.getElementsByTagName("input");
+
+for (DomElement result : results) {
+ 
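Review bot: In `testAliceModifiedSignature`, JavaScript is disabled just before `webClient.getPage(url)` and re-enabled straight after, with no comment explaining the toggle. Add a short comment on why the sign-in response form must not run its script at that point, and drop the explicit no-argument constructor, which only calls `super()`.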

[6/6] cxf-fediz git commit: Fixing merge

2016-01-18 Thread coheigea
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/85258b07
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/85258b07
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/85258b07

Branch: refs/heads/1.2.x-fixes
Commit: 85258b076209ff8df3d9bf72f67ec2977c7ca423
Parents: 5b6540d
Author: Colm O hEigeartaigh 
Authored: Mon Jan 18 14:18:01 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 14:18:01 2016 +

--
 .../integrationtests/AbstractAttackTests.java   | 229 ---
 .../fediz/integrationtests/AbstractTests.java   | 124 +-
 2 files changed, 113 insertions(+), 240 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/85258b07/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java
--
diff --git 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java
 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java
deleted file mode 100644
index 69e3f50..000
--- 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java
+++ /dev/null
@@ -1,229 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.integrationtests;
-
-import java.net.URLEncoder;
-
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.wss4j.dom.WSSConfig;
-import org.junit.Assert;
-import org.junit.Test;
-
-import com.gargoylesoftware.htmlunit.CookieManager;
-import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
-import com.gargoylesoftware.htmlunit.WebClient;
-import com.gargoylesoftware.htmlunit.html.DomElement;
-import com.gargoylesoftware.htmlunit.html.DomNodeList;
-import com.gargoylesoftware.htmlunit.html.HtmlForm;
-import com.gargoylesoftware.htmlunit.html.HtmlPage;
-import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
-
-/**
- * Some negative/attack tests for the IdP/RP
- */
-public abstract class AbstractAttackTests {
-
-static final String TEST_WREQ = 
-"http://docs.oasis-open.org/ws-sx/ws-trust/200512\";>"
-+ 
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV3.0"
-+ "";
-
-static {
-WSSConfig.init();
-}
-
-public AbstractAttackTests() {
-super();
-}
-
-public abstract String getServletContextName();
-
-public abstract String getIdpHttpsPort();
-
-public abstract String getRpHttpsPort();
-
-@Test
-public void testAliceModifiedSignature() throws Exception {
-String url = "https://localhost:"; + getRpHttpsPort() + "/" + 
getServletContextName() 
-+ "/secure/fedservlet";
-String user = "alice";
-String password = "ecila";
-
-// Get the initial token
-CookieManager cookieManager = new CookieManager();
-final WebClient webClient = new WebClient();
-webClient.setCookieManager(cookieManager);
-webClient.getOptions().setUseInsecureSSL(true);
-webClient.getCredentialsProvider().setCredentials(
-new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
-new UsernamePasswordCredentials(user, password));
-
-webClient.getOptions().setJavaScriptEnabled(false);
-final HtmlPage idpPage = webClient.getPage(url);
-webClient.getOptions().setJavaScriptEnabled(true);
-Assert.assertEquals("IDP SignIn Response Form", 
idpPage.getTitleText());
-
-// Parse the form to get the token (wresult)
-DomNodeList results = 
idpPage.getElementsByTagName("input");
-
-for (DomElement result : results) {
-if ("wresult".equals(result.getAttributeNS(null, "name"))) {
-// Now modify the Signature
-String value = result.getAttributeNS(null, "value");
-

[1/6] cxf-fediz git commit: Adding malicious redirection test

2016-01-18 Thread coheigea
Repository: cxf-fediz
Updated Branches:
  refs/heads/1.2.x-fixes 46b05ed9a -> 85258b076


Adding malicious redirection test


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/8c99b2f6
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/8c99b2f6
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/8c99b2f6

Branch: refs/heads/1.2.x-fixes
Commit: 8c99b2f672c6525fccde600f8cd502956194b7d1
Parents: 46b05ed
Author: Colm O hEigeartaigh 
Authored: Mon Nov 16 16:53:49 2015 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 13:42:05 2016 +

--
 .../fediz/integrationtests/AbstractTests.java   | 82 
 1 file changed, 82 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/8c99b2f6/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
--
diff --git 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index c636aeb..88ab429 100644
--- 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -25,14 +25,21 @@ import org.w3c.dom.Node;
 
 import com.gargoylesoftware.htmlunit.CookieManager;
 import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
+import com.gargoylesoftware.htmlunit.HttpMethod;
 import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.WebRequest;
 import com.gargoylesoftware.htmlunit.html.DomElement;
 import com.gargoylesoftware.htmlunit.html.DomNodeList;
 import com.gargoylesoftware.htmlunit.html.HtmlForm;
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
 import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
+import com.gargoylesoftware.htmlunit.util.NameValuePair;
 import com.gargoylesoftware.htmlunit.xml.XmlPage;
 
+import java.net.URL;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+
 import org.apache.cxf.fediz.core.ClaimTypes;
 import org.apache.cxf.fediz.core.FederationConstants;
 import org.apache.cxf.fediz.core.util.DOMUtils;
@@ -577,4 +584,79 @@ public abstract class AbstractTests {
 Assert.assertTrue("Unexpected content of RP page", 
bodyTextContent2.contains("Secure Test"));
 }
 
+@org.junit.Test
+public void testMaliciousRedirect() throws Exception {
+String url = "https://localhost:"; + getRpHttpsPort() + "/" + 
getServletContextName() + "/secure/fedservlet";
+String user = "alice";
+String password = "ecila";
+
+CookieManager cookieManager = new CookieManager();
+
+// 1. Login
+HTTPTestUtils.loginWithCookieManager(url, user, password, 
getIdpHttpsPort(), cookieManager);
+
+// 2. Now we should have a cookie from the RP and IdP and should be 
able to do
+// subsequent requests without authenticate again. Lets test this 
first.
+WebClient webClient = new WebClient();
+webClient.setCookieManager(cookieManager);
+webClient.getOptions().setUseInsecureSSL(true);
+HtmlPage rpPage = webClient.getPage(url);
+Assert.assertTrue("WS Federation Systests 
Examples".equals(rpPage.getTitleText())
+  || "WS Federation Systests Spring 
Examples".equals(rpPage.getTitleText()));
+
+// 3. Now a malicious user sends the client a URL with a bad "wreply" 
address to the IdP
+String maliciousURL = "https://www.apache.org/attack";;
+String idpUrl
+ = "https://localhost:"; + getIdpHttpsPort() + "/fediz-idp/federation";
+idpUrl += "?wa=wsignin1.0&wreply=" + URLEncoder.encode(maliciousURL, 
"UTF-8");
+idpUrl += 
"&wtrealm=urn%3Aorg%3Aapache%3Acxf%3Afediz%3Afedizhelloworld";
+idpUrl += "&whr=urn%3Aorg%3Aapache%3Acxf%3Afediz%3Aidp%3Arealm-A";
+
+final WebClient webClient2 = new WebClient();
+webClient2.setCookieManager(cookieManager);
+webClient2.getOptions().setUseInsecureSSL(true);
+webClient2.getCredentialsProvider().setCredentials(
+new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+new UsernamePasswordCredentials(user, password));
+
+webClient2.getOptions().setJavaScriptEnabled(false);
+final HtmlPage idpPage = webClient2.getPage(idpUrl);
+webClient2.getOptions().setJavaScriptEnabled(true);
+Assert.assertEquals("IDP SignIn Response Form", 
idpPage.getTitleText());
+
+// Check that the form is to be posted to the malicious URL
+DomNodeList formResults = 
idpPage.getElementsByT
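Review bot: The last visible step of `testMaliciousRedirect`, under `// Check that the form is to be posted to the malicious URL`, treats the IdP posting its sign-in response to the caller-supplied `wreply` as the expected outcome, so the test records the insecure behaviour as a pass. Write it as a negative test instead: request `idpUrl` and expect the IdP to refuse it, for example by catching the already imported `FailingHttpStatusCodeException`, and land it together with the `wreply` validation.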

[2/6] cxf-fediz git commit: Fixing redirection attack issue

2016-01-18 Thread coheigea
Fixing redirection attack issue


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/fd8dcda5
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/fd8dcda5
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/fd8dcda5

Branch: refs/heads/1.2.x-fixes
Commit: fd8dcda574889e1d1e7021072f47c71f2e38e4db
Parents: 8c99b2f
Author: Colm O hEigeartaigh 
Authored: Fri Nov 27 17:10:51 2015 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 13:43:40 2016 +

--
 .../service/idp/beans/STSClientAction.java  | 25 +++
 .../fediz/service/idp/domain/Application.java   | 23 +-
 .../idp/service/jpa/ApplicationDAOJPAImpl.java  |  2 +
 .../idp/service/jpa/ApplicationEntity.java  | 11 +
 .../idp/src/main/resources/entities-realma.xml  |  2 +
 .../src/test/resources/entities-realma.xml  |  2 +
 .../test/resources/realma/entities-realma.xml   |  2 +
 .../fediz/integrationtests/AbstractTests.java   | 44 +++-
 .../test/resources/realma/entities-realma.xml   |  2 +
 9 files changed, 74 insertions(+), 39 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd8dcda5/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
--
diff --git 
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
 
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
index 948c557..1e316b1 100644
--- 
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
+++ 
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
@@ -25,6 +25,7 @@ import java.net.MalformedURLException;
 import java.net.URL;
 import java.security.cert.X509Certificate;
 import java.util.List;
+import java.util.regex.Matcher;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.xml.namespace.QName;
@@ -199,6 +200,9 @@ public class STSClientAction {
 throw new ProcessingException(TYPE.BAD_REQUEST);
 }
 
+// Check wreply parameter against passive requestor endpoint constraint
+validateApplicationEndpoint(serviceConfig, context);
+
 // Parse wreq parameter - we only support parsing TokenType and 
KeyType for now
 String wreq = (String)WebUtils.getAttributeFromFlowScope(context, 
FederationConstants.PARAM_REQUEST);
 String stsTokenType = null;
@@ -299,6 +303,27 @@ public class STSClientAction {
 return StringEscapeUtils.escapeXml11(rpToken);
 }
 
+// The wreply address must match the passive endpoint requestor constraint 
(if it is specified)
+private void validateApplicationEndpoint(Application serviceConfig, 
RequestContext context) 
+throws ProcessingException {
+if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == 
null) {
+LOG.info("No passive requestor endpoint constraint is configured 
for the application. "
+ + "This could lead to a malicious redirection attack");
+return;
+}
+
+String wreply = 
+(String)WebUtils.getAttributeFromFlowScope(context, 
FederationConstants.PARAM_REPLY);
+if (wreply != null) {
+Matcher matcher = 
serviceConfig.getCompiledPassiveRequestorEndpointConstraint().matcher(wreply);
+if (!matcher.matches()) {
+LOG.error("The wreply value of {} does not match any of the 
passive requestor values",
+  wreply);
+throw new ProcessingException(TYPE.BAD_REQUEST);
+}
+}
+}
+
 private String getIdFromToken(String token) throws XMLStreamException {
 InputStream is = new ByteArrayInputStream(token.getBytes());
 Document doc = StaxUtils.read(is);
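Review bot: `validateApplicationEndpoint` fails open: when `getCompiledPassiveRequestorEndpointConstraint()` returns null it logs at INFO and returns, so for an application without a configured constraint `wreply` is not checked at all by this method. Consider rejecting the request in that case, or making the permissive behaviour an explicit opt-in. Separately, the `LOG.error` call writes the request-supplied `wreply` into the log unmodified; strip CR/LF or encode it before logging.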

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd8dcda5/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
--
diff --git 
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
 
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
index 5f14f5b..43c7e8a 100644
--- 
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
+++ 
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
@@ -22,6 +22,7 @@ import java.io.Serializable;
 import java.net.URI;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.regex.Pattern;
 
 import javax.xml.bind.annotation.XmlAttribute;
 import javax.xml.bind.annotation.XmlElementRef;
@@ -32,7 

[3/6] cxf-fediz git commit: Fixing spring tests

2016-01-18 Thread coheigea
Fixing spring tests


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/ced3e763
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/ced3e763
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/ced3e763

Branch: refs/heads/1.2.x-fixes
Commit: ced3e76363b87da4ad59463f26c8fe12d341e1dd
Parents: fd8dcda
Author: Colm O hEigeartaigh 
Authored: Sat Nov 28 18:04:40 2015 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 13:44:00 2016 +

--
 services/idp/src/main/resources/entities-realma.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ced3e763/services/idp/src/main/resources/entities-realma.xml
--
diff --git a/services/idp/src/main/resources/entities-realma.xml 
b/services/idp/src/main/resources/entities-realma.xml
index b76bf66..995b92d 100644
--- a/services/idp/src/main/resources/entities-realma.xml
+++ b/services/idp/src/main/resources/entities-realma.xml
@@ -105,7 +105,7 @@
 http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
 />
 
 https://localhost:(\d)*/(\w)*helloworld(\w)*/secure/.*" />
+  value="https://localhost:(\d)*/(\w)*helloworld(\w)*/.*" />
 
 
 
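Review bot: The replacement value drops the `/secure/` path segment, so the constraint in `services/idp/src/main/resources/entities-realma.xml` now matches any path under a `helloworld` context rather than only its secured area. This file sits under `src/main/resources`, not with the test resources; if the wider pattern is only needed by the Spring tests, keep the tighter value here and loosen it in the test copies. The `(\d)*` port group also matches an empty port; `\d+` states the intent more precisely.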



cxf-fediz git commit: Updating Passive Requestor endpoint log to warning

2016-01-18 Thread coheigea
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 0d30b0129 -> 33c86fc33


Updating Passive Requestor endpoint log to warning


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/33c86fc3
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/33c86fc3
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/33c86fc3

Branch: refs/heads/master
Commit: 33c86fc336ec6f81062f6541d631277272b6b148
Parents: 0d30b01
Author: Colm O hEigeartaigh 
Authored: Mon Jan 18 13:40:59 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 13:40:59 2016 +

--
 .../org/apache/cxf/fediz/service/idp/beans/STSClientAction.java| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/33c86fc3/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
--
diff --git 
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
 
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
index 295dceb..efe7fd6 100644
--- 
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
+++ 
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
@@ -310,7 +310,7 @@ public class STSClientAction {
 private void validateApplicationEndpoint(Application serviceConfig, 
RequestContext context) 
 throws ProcessingException {
 if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == 
null) {
-LOG.info("No passive requestor endpoint constraint is configured 
for the application. "
+LOG.warn("No passive requestor endpoint constraint is configured 
for the application. "
  + "This could lead to a malicious redirection attack");
 return;
 }
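Review bot: Because the null-constraint branch sits inside `validateApplicationEndpoint`, the new `LOG.warn` is emitted every time the method runs for an unconstrained application, not once. If the method is on the per-request sign-in path this will flood the log; consider reporting the missing constraint once, when the application configuration is loaded.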



buildbot failure in ASF Buildbot on cxf-site-production

2016-01-18 Thread buildbot
The Buildbot has detected a new failure on builder cxf-site-production while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/cxf-site-production/builds/4854

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

BUILD FAILED: failed compile

Sincerely,
 -The Buildbot





cxf git commit: Recording .gitmergeinfo Changes

2016-01-18 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes cf3584f33 -> d6ff15642


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d6ff1564
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d6ff1564
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d6ff1564

Branch: refs/heads/3.1.x-fixes
Commit: d6ff1564248ae7926ab105f6f56018acdc6494b3
Parents: cf3584f
Author: Colm O hEigeartaigh 
Authored: Mon Jan 18 11:55:29 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 11:55:29 2016 +

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/d6ff1564/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 76b9be1..8530deb 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -5,6 +5,7 @@ B 0dfaf8d72574511ad9027c663707f9e30b945fbc
 B 39851b83af116611ce0efe70c4b9a32ee8491523
 B 59b8615053ddcad353fbebcd9a5b1109ae0897a1
 B 65e1e07fdb810ec9de135530ca3e3d23821836a3
+B 6e7b79f6a8b6523b2248937275d92918e5682aa2
 B 7b7629682d15345518e66d46e575bf1ac334cf00
 B 7fc957efa3a193a5f2ae178b8a608717ce4c5b26
 B 85c397f853c6b7ca0ed6d924445d6173962e1ec4



cxf git commit: Fixing distribution

2016-01-18 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/master 79d6097a0 -> 6e7b79f6a


Fixing distribution


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6e7b79f6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6e7b79f6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6e7b79f6

Branch: refs/heads/master
Commit: 6e7b79f6a8b6523b2248937275d92918e5682aa2
Parents: 79d6097
Author: Colm O hEigeartaigh 
Authored: Mon Jan 18 11:55:02 2016 +
Committer: Colm O hEigeartaigh 
Committed: Mon Jan 18 11:55:02 2016 +

--
 .../sign_enc/src/main/java/demo/wssec/client/StaxClient.java   | 2 +-
 .../sign_enc/src/main/java/demo/wssec/server/StaxServer.java   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/6e7b79f6/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/StaxClient.java
--
diff --git 
a/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/StaxClient.java
 
b/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/StaxClient.java
index 9a96359..d64aa0d 100644
--- 
a/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/StaxClient.java
+++ 
b/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/StaxClient.java
@@ -92,7 +92,7 @@ public final class StaxClient {
 
 properties.setSignatureCryptoProperties(sigCryptoProperties);
 properties.setSignatureKeyIdentifier(
-
WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference
+
WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE
 );
 
properties.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1";);
 properties.addSignaturePart(
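Review bot: The sample still signs with RSA-SHA1: the context line following the renamed constant passes `http://www.w3.org/2000/09/xmldsig#rsa-sha1` to `setSignatureAlgorithm`. This is sample code that gets copied into real services, so while touching these lines consider moving `StaxClient` and `StaxServer` together to an RSA-SHA256 signature algorithm.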

http://git-wip-us.apache.org/repos/asf/cxf/blob/6e7b79f6/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/StaxServer.java
--
diff --git 
a/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/StaxServer.java
 
b/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/StaxServer.java
index 7559434..0d10e4a 100644
--- 
a/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/StaxServer.java
+++ 
b/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/StaxServer.java
@@ -88,7 +88,7 @@ public class StaxServer {
 
 properties.setSignatureCryptoProperties(decCryptoProperties);
 properties.setSignatureKeyIdentifier(
-WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference
+
WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE
 );
 
properties.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1";);
 properties.addSignaturePart(



buildbot success in ASF Buildbot on cxf-site-production

2016-01-18 Thread buildbot
The Buildbot has detected a restored build on builder cxf-site-production while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/cxf-site-production/builds/4852

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

Build succeeded!

Sincerely,
 -The Buildbot