cxf git commit: [CXF-6768]InternalContextUtils should bak all the data from the input stream before send back partialResponse
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 72547f021 -> afaf1debd [CXF-6768]InternalContextUtils should bak all the data from the input stream before send back partialResponse (cherry picked from commit 2726b68fa3dbc8a98018cc957bef47a23c9a950e) Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/afaf1deb Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/afaf1deb Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/afaf1deb Branch: refs/heads/3.1.x-fixes Commit: afaf1debd104b7d9850713b866b9f4d58e8dd8d5 Parents: 72547f0 Author: Freeman FangAuthored: Wed Feb 17 12:03:14 2016 +0800 Committer: Freeman Fang Committed: Wed Feb 17 12:05:22 2016 +0800 -- .../ws/addressing/impl/InternalContextUtils.java | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/afaf1deb/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/InternalContextUtils.java -- diff --git a/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/InternalContextUtils.java b/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/InternalContextUtils.java index 2c41925..df06173 100644 --- a/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/InternalContextUtils.java +++ b/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/InternalContextUtils.java 
@@ -268,7 +268,15 @@ final class InternalContextUtils { exchange.put(ConduitSelector.class, new PreexistingConduitSelector(backChannel, exchange.getEndpoint())); - +if (ContextUtils.retrieveAsyncPostResponseDispatch(inMessage) && !robust) { +//need to suck in all the data from the input stream as +//the transport might discard any data on the stream when this +//thread unwinds or when the empty response is sent back +DelegatingInputStream in = inMessage.getContent(DelegatingInputStream.class); +if (in != null) { +in.cacheInput(); +} +} if (chain != null && !chain.doIntercept(partialResponse) && partialResponse.getContent(Exception.class) != null) { if (partialResponse.getContent(Exception.class) instanceof Fault) { @@ -294,14 +302,7 @@ final class InternalContextUtils { if (ContextUtils.retrieveAsyncPostResponseDispatch(inMessage) && !robust) { -//need to suck in all the data from the input stream as -//the transport might discard any data on the stream when this -//thread unwinds or when the empty response is sent back -DelegatingInputStream in = inMessage.getContent(DelegatingInputStream.class); -if (in != null) { -in.cacheInput(); -} - + // async service invocation required *after* a response // has been sent (i.e. to a oneway, or a partial response // to a decoupled twoway)
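Review bot: The relocated comment does not say that placing `in.cacheInput()` ahead of `chain.doIntercept(partialResponse)` is the whole point of the change, so a later tidy-up could fold the block back under the second `retrieveAsyncPostResponseDispatch` check and bring the lost-input problem back. I would add a line such as `// must run before the partial response is sent: the transport may drop unread input once it goes out`. The guard `ContextUtils.retrieveAsyncPostResponseDispatch(inMessage) && !robust` is now evaluated in two places, and holding it in one local boolean would keep the two blocks in step. The enclosing method starts and ends outside both hunks, and the identical patch for master appears further down the page.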
cxf git commit: [CXF-6768]InternalContextUtils should bak all the data from the input stream before send back partialResponse
Repository: cxf Updated Branches: refs/heads/master 087ae7575 -> 2726b68fa [CXF-6768]InternalContextUtils should bak all the data from the input stream before send back partialResponse Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2726b68f Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2726b68f Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2726b68f Branch: refs/heads/master Commit: 2726b68fa3dbc8a98018cc957bef47a23c9a950e Parents: 087ae75 Author: Freeman FangAuthored: Wed Feb 17 12:03:14 2016 +0800 Committer: Freeman Fang Committed: Wed Feb 17 12:03:14 2016 +0800 -- .../ws/addressing/impl/InternalContextUtils.java | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/2726b68f/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/InternalContextUtils.java -- diff --git a/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/InternalContextUtils.java b/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/InternalContextUtils.java index 2c41925..df06173 100644 --- a/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/InternalContextUtils.java +++ b/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/InternalContextUtils.java 
@@ -268,7 +268,15 @@ final class InternalContextUtils { exchange.put(ConduitSelector.class, new PreexistingConduitSelector(backChannel, exchange.getEndpoint())); - +if (ContextUtils.retrieveAsyncPostResponseDispatch(inMessage) && !robust) { +//need to suck in all the data from the input stream as +//the transport might discard any data on the stream when this +//thread unwinds or when the empty response is sent back +DelegatingInputStream in = inMessage.getContent(DelegatingInputStream.class); +if (in != null) { +in.cacheInput(); +} +} if (chain != null && !chain.doIntercept(partialResponse) && partialResponse.getContent(Exception.class) != null) { if (partialResponse.getContent(Exception.class) instanceof Fault) { @@ -294,14 +302,7 @@ final class InternalContextUtils { if (ContextUtils.retrieveAsyncPostResponseDispatch(inMessage) && !robust) { -//need to suck in all the data from the input stream as -//the transport might discard any data on the stream when this -//thread unwinds or when the empty response is sent back -DelegatingInputStream in = inMessage.getContent(DelegatingInputStream.class); -if (in != null) { -in.cacheInput(); -} - + // async service invocation required *after* a response // has been sent (i.e. to a oneway, or a partial response // to a decoupled twoway)
Nexus: Promotion Completed
Message from: https://repository.apache.orgDeployer properties:"userAgent" = "Apache-Maven/3.3.9 (Java 1.7.0_80; Linux 4.2.0-27-generic)""userId" = "coheigea""ip" = "80.169.137.63"Details:The following artifacts have been promoted to the "Releases" [id=releases] repository/org/apache/cxf/fediz/apache-fediz/1.2.2/apache-fediz-1.2.2.zip(SHA1: 05e2ab64e1f472f17a388ce7033c846f15a7ead9)/org/apache/cxf/fediz/apache-fediz/1.2.2/apache-fediz-1.2.2.pom.asc(SHA1: 295f86ad991e11c70a55b618b207f618fecc4eae)/org/apache/cxf/fediz/apache-fediz/1.2.2/apache-fediz-1.2.2.pom(SHA1: 4fedaaa7f2e912e21bb2e95b14d5c7afef40d02a)/org/apache/cxf/fediz/apache-fediz/1.2.2/apache-fediz-1.2.2.zip.asc(SHA1: 9d6a31995ad606f597466f8f6a928efe3a3d5378)/org/apache/cxf/fediz/fediz-systests/1.2.2/fediz-systests-1.2.2.pom(SHA1: 5f19419b90b60e26c03840f221800b74b101d575)/org/apache/cxf/fediz/fediz-systests/1.2.2/fediz-systests-1.2.2.pom.asc(SHA1: e345d46c5d59d2a64c26a5299237974e08dbb737)/org/apache/cxf/fediz/plugin/1.2.2/plugin-1.2.2.pom(SHA1: d58b798c220f8ac7ba536c6d9c7f4bf06eee9111)/org/apache/cxf/fediz/plugin/1.2.2/plugin-1.2.2.pom.asc(SHA1: d3e13cbf932b282051c6445086272c470cfbc16b)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/fedizservice/1.2.2/fedizservice-1.2.2.war.asc(SHA1: f93163400ec07dfc09ad2fecba2b3319ddec31c1)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/fedizservice/1.2.2/fedizservice-1.2.2.war(SHA1: 5866d2d11094a70771b6b3bb11286911d5c418aa)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/fedizservice/1.2.2/fedizservice-1.2.2-javadoc.jar(SHA1: 11d136106f1b296f34da81c912a48c0dd3ef3202)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/fedizservice/1.2.2/fedizservice-1.2.2-sources.jar.asc(SHA1: a185a1cc964298d95ebfa7773bb88ca31b04b3bd)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/fedizservice/1.2.2/fedizservice-1.2.2.pom.asc(SHA1: 
e888d838e592994514cb6d648cdc6fd6c3461a1d)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/fedizservice/1.2.2/fedizservice-1.2.2-sources.jar(SHA1: d7fe1e57f42dbe793758173c6a4f0a53442d55f0)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/fedizservice/1.2.2/fedizservice-1.2.2.pom(SHA1: 8a63ce9661f4e24066b9936b2b5d2c411b29c344)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/fedizservice/1.2.2/fedizservice-1.2.2-javadoc.jar.asc(SHA1: 0fbf716fd32b46602bedf37b75da6ef71fd25407)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/common/1.2.2/common-1.2.2-javadoc.jar.asc(SHA1: 5aad38456a6e1fafb7a31a1891a01d5ca153732c)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/common/1.2.2/common-1.2.2-javadoc.jar(SHA1: 31ef75615852e400fffae907826ed15696da883d)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/common/1.2.2/common-1.2.2.jar.asc(SHA1: 6dccfe76370df929feb8f2ef4046528149f7508a)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/common/1.2.2/common-1.2.2-sources.jar(SHA1: e641d91e6369e37b6202b68175231f851efdb90a)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/common/1.2.2/common-1.2.2-sources.jar.asc(SHA1: 67556558ee5355ae0fde2a46c4e47a88f4238f57)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/common/1.2.2/common-1.2.2.pom(SHA1: 273444c83e6b5c97591a3c1ef57d6af567f5b004)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/common/1.2.2/common-1.2.2.pom.asc(SHA1: 0dbdf4a9459f4ea0c7cfeba6c03dd50723a84ca9)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/common/1.2.2/common-1.2.2.jar(SHA1: e0b20aaeb442152d72ae65d8606f936c0402062f)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/1.2.2/webservice-1.2.2.pom(SHA1: d0209596bcb854db82b695e57465b4858792551f)/org/apache/cxf/fediz/examples/wsclientWebapp/webservice/1.2.2/webservice-1.2.2.pom.asc(SHA1: aa5fee7cfc0ef5887e5ba77f443dbd6765a1c6ba)/org/apache/cxf/fediz/examples/wsclientWebapp/webapp/1.2.2/webapp-1.2.2.war.asc(SHA1: 
4a99c28c639445332eff7ea666cd0c8eabd201df)/org/apache/cxf/fediz/examples/wsclientWebapp/webapp/1.2.2/webapp-1.2.2-sources.jar(SHA1: 62706b9dc14e04c27ea3804d9b890c179a27f0d7)/org/apache/cxf/fediz/examples/wsclientWebapp/webapp/1.2.2/webapp-1.2.2-javadoc.jar.asc(SHA1: f9402389db226befd1183a73a45832687e1334e7)/org/apache/cxf/fediz/examples/wsclientWebapp/webapp/1.2.2/webapp-1.2.2.pom(SHA1: f964be8dabdbaaf1d169b5d781ebd7a79ea7ee6b)/org/apache/cxf/fediz/examples/wsclientWebapp/webapp/1.2.2/webapp-1.2.2-javadoc.jar(SHA1: a486260b941619897a88c5a390b7db9e7ef55c19)/org/apache/cxf/fediz/examples/wsclientWebapp/webapp/1.2.2/webapp-1.2.2-sources.jar.asc(SHA1: f40a67703418e59fb8e0e0abda1d3842275e8319)/org/apache/cxf/fediz/examples/wsclientWebapp/webapp/1.2.2/webapp-1.2.2.war(SHA1: 17489f9ee4c24f34827b36e70c05e683d9ffdb94)/org/apache/cxf/fediz/examples/wsclientWebapp/webapp/1.2.2/webapp-1.2.2.pom.asc(SHA1: a035e7b684e8848bc20fde0d467375196b51c67a)/org/apache/cxf/fediz/examples/wsclientWebapp/1.2.2/wsclientWebapp-1.2.2.pom(SHA1:
cxf git commit: [CXF-5439, CXF-6779] Adding a CXF Provider annotation, marking Swagger2Feature, updating Spring Boot demo
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes d3e47e330 -> 72547f021 [CXF-5439,CXF-6779] Adding a CXF Provider annotation, marking Swagger2Feature, updating Spring Boot demo Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/72547f02 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/72547f02 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/72547f02 Branch: refs/heads/3.1.x-fixes Commit: 72547f021ffb15dbb0642515e830272ff48bacd5 Parents: d3e47e3 Author: Sergey BeryozkinAuthored: Tue Feb 16 17:01:48 2016 + Committer: Sergey Beryozkin Committed: Tue Feb 16 17:18:24 2016 + -- .../org/apache/cxf/annotations/Provider.java| 34 +++ .../samples/jax_rs/jaxrs_spring_boot/pom.xml| 19 +-- .../java/sample/rs/service/HelloService.java| 4 +- .../rs/service/SampleScanRestApplication.java | 13 +++-- .../AbstractSpringComponentScanServer.java | 60 ++-- .../AbstractSpringConfigurationFactory.java | 2 +- .../cxf/jaxrs/swagger/Swagger2Feature.java | 3 + 7 files changed, 119 insertions(+), 16 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/72547f02/core/src/main/java/org/apache/cxf/annotations/Provider.java -- diff --git a/core/src/main/java/org/apache/cxf/annotations/Provider.java b/core/src/main/java/org/apache/cxf/annotations/Provider.java new file mode 100644 index 000..4bf751e --- /dev/null +++ b/core/src/main/java/org/apache/cxf/annotations/Provider.java 
@@ -0,0 +1,34 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.annotations; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +@Target(ElementType.TYPE) +@Retention(RetentionPolicy.RUNTIME) +public @interface Provider { +enum Type { InInterceptor, OutInterceptor, InFaultInterceptor, OutFaultInterceptor, Feature } +enum Scope { Server, Client, All } + +Type value(); +Scope scope() default Scope.All; +} http://git-wip-us.apache.org/repos/asf/cxf/blob/72547f02/distribution/src/main/release/samples/jax_rs/jaxrs_spring_boot/pom.xml -- diff --git a/distribution/src/main/release/samples/jax_rs/jaxrs_spring_boot/pom.xml b/distribution/src/main/release/samples/jax_rs/jaxrs_spring_boot/pom.xml index 00a4aa9..4bb4896 100644 --- a/distribution/src/main/release/samples/jax_rs/jaxrs_spring_boot/pom.xml +++ b/distribution/src/main/release/samples/jax_rs/jaxrs_spring_boot/pom.xml 
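Review bot: The new `Provider` annotation has no Javadoc, so nothing on the type says what `Type` and `Scope` select or which component reads the annotation at runtime; a short class comment plus one line per enum would cover it. Its simple name matches `javax.ws.rs.ext.Provider`, which JAX-RS code commonly imports, so a class needing both must fully qualify one, and a wrong import would compile but presumably leave the class unregistered with CXF. The annotation is `RetentionPolicy.RUNTIME` and appears intended for discovery, since the diffstat lists changes to `AbstractSpringComponentScanServer`. It is therefore worth documenting that annotated interceptors and features found on a scanned classpath may be installed without explicit configuration.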
@@ -46,18 +46,27 @@ cxf-rt-transports-http ${cxf.version} - + org.apache.cxf cxf-rt-rs-service-description ${cxf.version} - + +io.swagger +swagger-jaxrs +1.5.4 + + +javax.ws.rs +jsr311-api + + + org.springframework.boot spring-boot-starter-web 1.2.3.RELEASE - @@ -65,9 +74,11 @@ org.springframework.boot spring-boot-maven-plugin - sample.rs.service.SampleRestApplication sample.rs.service.SampleScanRestApplication + http://git-wip-us.apache.org/repos/asf/cxf/blob/72547f02/distribution/src/main/release/samples/jax_rs/jaxrs_spring_boot/src/main/java/sample/rs/service/HelloService.java -- diff --git a/distribution/src/main/release/samples/jax_rs/jaxrs_spring_boot/src/main/java/sample/rs/service/HelloService.java
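Review bot: The added `swagger-jaxrs` dependency carries the literal version `1.5.4`, while the CXF artifacts beside it use `${cxf.version}`, so the sample can drift from the Swagger version that the `Swagger2Feature` module is built and tested against. A version property defined once, or a managed version from the parent, would keep them aligned and make later security upgrades a one-line change. The `jsr311-api` exclusion would benefit from a one-line XML comment saying it keeps the JAX-RS 1.x API off the classpath. The XML markup is lost in this rendering, so the element structure here is inferred from the surviving text.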
[2/2] cxf git commit: Add the ability to sign/encrypt UserInfoService responses using asymmetric keys
Add the ability to sign/encrypt UserInfoService responses using asymmetric keys Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0130a152 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0130a152 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0130a152 Branch: refs/heads/3.0.x-fixes Commit: 0130a15283423feccda7f32cd5b8c57ffb728f4c Parents: ad191a9 Author: Colm O hEigeartaighAuthored: Tue Feb 16 17:06:39 2016 + Committer: Colm O hEigeartaigh Committed: Tue Feb 16 17:10:28 2016 + -- .../provider/AbstractOAuthServerJoseJwtProducer.java | 14 +++--- .../cxf/rs/security/oidc/idp/UserInfoService.java | 8 ++-- 2 files changed, 17 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/0130a152/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthServerJoseJwtProducer.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthServerJoseJwtProducer.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthServerJoseJwtProducer.java index 31d8506..f1dafaa 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthServerJoseJwtProducer.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthServerJoseJwtProducer.java 
@@ -25,6 +25,7 @@ import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; import org.apache.cxf.rs.security.jose.jwe.JweUtils; +import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rt.security.crypto.CryptoUtils; @@ -35,12 +36,12 @@ public abstract class AbstractOAuthServerJoseJwtProducer extends AbstractOAuthJo protected String processJwt(JwtToken jwt, Client client) { return processJwt(jwt, getInitializedEncryptionProvider(client), - getInitializedSignatureProvider(client.getClientSecret())); + getInitializedSignatureProvider(client)); } protected JweEncryptionProvider getInitializedEncryptionProvider(Client c) { JweEncryptionProvider theEncryptionProvider = null; -if (encryptWithClientCertificates) { +if (encryptWithClientCertificates && c != null && !c.getApplicationCertificates().isEmpty()) { X509Certificate cert = (X509Certificate)CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0)); theEncryptionProvider = JweUtils.createJweEncryptionProvider((RSAPublicKey)cert.getPublicKey(), 
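Review bot: In `getInitializedEncryptionProvider(Client)` the new guard calls `c.getApplicationCertificates().isEmpty()` without checking the list itself, so if that list can ever be null the method still fails with a NullPointerException; adding `c.getApplicationCertificates() != null &&` in front would close that. The unchanged casts to `X509Certificate` and `RSAPublicKey` right after it assume an RSA certificate, so a registered non-RSA certificate would surface as a ClassCastException rather than a clear configuration error. When `encryptWithClientCertificates` is set but the client has no certificate, the code now falls through to the client-secret provider or to null. It is worth deciding whether that downgrade should be logged or rejected instead of applied silently. The method body continues in the next hunk, and the same change appears in `OAuthServerJoseJwtProducer` in the 3.1.x-fixes and master commits further down the page.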
@@ -48,12 +49,19 @@ public abstract class AbstractOAuthServerJoseJwtProducer extends AbstractOAuthJo ContentAlgorithm.A128GCM, null); } -if (theEncryptionProvider == null) { +if (theEncryptionProvider == null && c != null && c.getClientSecret() != null) { theEncryptionProvider = super.getInitializedEncryptionProvider(c.getClientSecret()); } return theEncryptionProvider; } + +protected JwsSignatureProvider getInitializedSignatureProvider(Client c) { +if (c == null) { +return null; +} +return super.getInitializedSignatureProvider(c.getClientSecret()); +} public void setEncryptWithClientCertificates(boolean encryptWithClientCertificates) { if (isEncryptWithClientSecret()) { http://git-wip-us.apache.org/repos/asf/cxf/blob/0130a152/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java -- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java index 1f5d99d..22b058a 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java @@ -28,6 +28,7 @@ import javax.ws.rs.core.Response; import
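Review bot: The new `getInitializedSignatureProvider(Client)` overload checks `c == null` but still hands `c.getClientSecret()` to the superclass unchecked, whereas the encryption path in this same hunk now requires `c.getClientSecret() != null`. A client registered without a secret therefore reaches the signature code with a null key source. Either mirror the guard with `if (c == null || c.getClientSecret() == null) { return null; }` or add a comment explaining why the superclass tolerates null. Both methods can now return null, and what `processJwt` does with a null provider is not visible here; if it skips that step, a token could go out unsigned or unencrypted without any error, so the overload's Javadoc should state the contract. The same applies to the `OAuthServerJoseJwtProducer` copies in the 3.1.x-fixes and master commits further down the page.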
[1/2] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes ad191a905 -> 8ff028049 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8ff02804 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8ff02804 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8ff02804 Branch: refs/heads/3.0.x-fixes Commit: 8ff0280497e478353be3488abe932e96dbc9b35e Parents: 0130a15 Author: Colm O hEigeartaighAuthored: Tue Feb 16 17:10:28 2016 + Committer: Colm O hEigeartaigh Committed: Tue Feb 16 17:10:28 2016 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/8ff02804/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index c2fc09d..2bdb7f3 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -1041,6 +1041,7 @@ M d2b5baa69415ea41f5865a8961c813feead3b22a M d2d8f6d6e2773025e0dd1c51c6b5e5d2e721def8 M d2dec5b87788b8cb5059d3719cf3dfd7135a1280 M d356ec692ca58de0b6dd4922d7067cb3d69918a8 +M d3e47e3306696eaab28a00aaf879f10f57b3c792 M d4841e0b7167685d50416317c19675fa386a53e9 M d4a35c40d53fde17fec3d08c25215c7533dcb667 M d5315e072b8dd5222ede6f8e47c1e3e645209f59
cxf git commit: Add the ability to sign/encrypt UserInfoService responses using asymmetric keys
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 609fcadef -> d3e47e330 Add the ability to sign/encrypt UserInfoService responses using asymmetric keys Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d3e47e33 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d3e47e33 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d3e47e33 Branch: refs/heads/3.1.x-fixes Commit: d3e47e3306696eaab28a00aaf879f10f57b3c792 Parents: 609fcad Author: Colm O hEigeartaighAuthored: Tue Feb 16 17:06:39 2016 + Committer: Colm O hEigeartaigh Committed: Tue Feb 16 17:09:09 2016 + -- .../oauth2/provider/OAuthServerJoseJwtProducer.java | 14 +++--- .../cxf/rs/security/oidc/idp/UserInfoService.java | 8 ++-- 2 files changed, 17 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/d3e47e33/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServerJoseJwtProducer.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServerJoseJwtProducer.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServerJoseJwtProducer.java index 24e6a16..35a323f 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServerJoseJwtProducer.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServerJoseJwtProducer.java 
@@ -25,6 +25,7 @@ import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; import org.apache.cxf.rs.security.jose.jwe.JweUtils; +import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rt.security.crypto.CryptoUtils; @@ -35,12 +36,12 @@ public class OAuthServerJoseJwtProducer extends OAuthJoseJwtProducer { public String processJwt(JwtToken jwt, Client client) { return processJwt(jwt, getInitializedEncryptionProvider(client), - getInitializedSignatureProvider(client.getClientSecret())); + getInitializedSignatureProvider(client)); } protected JweEncryptionProvider getInitializedEncryptionProvider(Client c) { JweEncryptionProvider theEncryptionProvider = null; -if (encryptWithClientCertificates) { +if (encryptWithClientCertificates && c != null && !c.getApplicationCertificates().isEmpty()) { X509Certificate cert = (X509Certificate)CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0)); theEncryptionProvider = JweUtils.createJweEncryptionProvider((RSAPublicKey)cert.getPublicKey(), 
@@ -48,12 +49,19 @@ public class OAuthServerJoseJwtProducer extends OAuthJoseJwtProducer { ContentAlgorithm.A128GCM, null); } -if (theEncryptionProvider == null) { +if (theEncryptionProvider == null && c != null && c.getClientSecret() != null) { theEncryptionProvider = super.getInitializedEncryptionProvider(c.getClientSecret()); } return theEncryptionProvider; } + +protected JwsSignatureProvider getInitializedSignatureProvider(Client c) { +if (c == null) { +return null; +} +return super.getInitializedSignatureProvider(c.getClientSecret()); +} public void setEncryptWithClientCertificates(boolean encryptWithClientCertificates) { if (isEncryptWithClientSecret()) { http://git-wip-us.apache.org/repos/asf/cxf/blob/d3e47e33/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java -- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java index 9955bf9..5edf228 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java @@ -26,6 +26,7 @@ import javax.ws.rs.core.Response; import
cxf git commit: Add the ability to sign/encrypt UserInfoService responses using asymmetric keys
Repository: cxf Updated Branches: refs/heads/master 4946ee58a -> 087ae7575 Add the ability to sign/encrypt UserInfoService responses using asymmetric keys Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/087ae757 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/087ae757 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/087ae757 Branch: refs/heads/master Commit: 087ae75756e9bbd6984cd3bd1a7d609ae8bd659f Parents: 4946ee5 Author: Colm O hEigeartaighAuthored: Tue Feb 16 17:06:39 2016 + Committer: Colm O hEigeartaigh Committed: Tue Feb 16 17:07:58 2016 + -- .../oauth2/provider/OAuthServerJoseJwtProducer.java | 14 +++--- .../cxf/rs/security/oidc/idp/UserInfoService.java | 8 ++-- 2 files changed, 17 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/087ae757/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServerJoseJwtProducer.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServerJoseJwtProducer.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServerJoseJwtProducer.java index 24e6a16..35a323f 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServerJoseJwtProducer.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServerJoseJwtProducer.java 
@@ -25,6 +25,7 @@ import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; import org.apache.cxf.rs.security.jose.jwe.JweUtils; +import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rt.security.crypto.CryptoUtils; @@ -35,12 +36,12 @@ public class OAuthServerJoseJwtProducer extends OAuthJoseJwtProducer { public String processJwt(JwtToken jwt, Client client) { return processJwt(jwt, getInitializedEncryptionProvider(client), - getInitializedSignatureProvider(client.getClientSecret())); + getInitializedSignatureProvider(client)); } protected JweEncryptionProvider getInitializedEncryptionProvider(Client c) { JweEncryptionProvider theEncryptionProvider = null; -if (encryptWithClientCertificates) { +if (encryptWithClientCertificates && c != null && !c.getApplicationCertificates().isEmpty()) { X509Certificate cert = (X509Certificate)CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0)); theEncryptionProvider = JweUtils.createJweEncryptionProvider((RSAPublicKey)cert.getPublicKey(), 
@@ -48,12 +49,19 @@ public class OAuthServerJoseJwtProducer extends OAuthJoseJwtProducer { ContentAlgorithm.A128GCM, null); } -if (theEncryptionProvider == null) { +if (theEncryptionProvider == null && c != null && c.getClientSecret() != null) { theEncryptionProvider = super.getInitializedEncryptionProvider(c.getClientSecret()); } return theEncryptionProvider; } + +protected JwsSignatureProvider getInitializedSignatureProvider(Client c) { +if (c == null) { +return null; +} +return super.getInitializedSignatureProvider(c.getClientSecret()); +} public void setEncryptWithClientCertificates(boolean encryptWithClientCertificates) { if (isEncryptWithClientSecret()) { http://git-wip-us.apache.org/repos/asf/cxf/blob/087ae757/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java -- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java index 9955bf9..5edf228 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java @@ -26,6 +26,7 @@ import javax.ws.rs.core.Response; import
[3/3] cxf git commit: Adding a custom WSS4JSecurityContextCreator for an STS system test
Adding a custom WSS4JSecurityContextCreator for an STS system test Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/609fcade Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/609fcade Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/609fcade Branch: refs/heads/3.1.x-fixes Commit: 609fcadef1b418c05f3cf9d29dac87f458281156 Parents: 47839c6 Author: Colm O hEigeartaighAuthored: Tue Feb 16 13:48:18 2016 + Committer: Colm O hEigeartaigh Committed: Tue Feb 16 13:54:53 2016 + -- ...tUsernameTokenAuthenticatingInterceptor.java | 15 +++ .../DefaultWSS4JSecurityContextCreator.java | 13 -- .../ws/security/wss4j/WSS4JInInterceptor.java | 11 ++ .../x509/CustomWSS4JSecurityContextCreator.java | 118 +++ .../systest/sts/x509/cxf-asymmetric-service.xml | 4 + 5 files changed, 148 insertions(+), 13 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/609fcade/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java index 3b3fa01..0d8d415 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java @@ -20,6 +20,8 @@ package org.apache.cxf.ws.security.wss4j; import java.security.Principal; import java.util.HashMap; +import java.util.LinkedList; +import java.util.List; import java.util.Map; import java.util.logging.Logger; 
@@ -34,6 +36,7 @@ import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.security.SecurityToken; import org.apache.cxf.common.security.UsernameToken; +import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.interceptor.security.DefaultSecurityContext; import org.apache.cxf.message.Message; @@ -43,6 +46,7 @@ import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.engine.WSSecurityEngine; import org.apache.wss4j.dom.handler.RequestData; +import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.handler.WSHandlerResult; import org.apache.wss4j.dom.validate.UsernameTokenValidator; import org.apache.wss4j.dom.validate.Validator; @@ -115,6 +119,17 @@ public abstract class AbstractUsernameTokenAuthenticatingInterceptor extends WSS WSHandlerResult wsResult, boolean utWithCallbacks ) throws SOAPException, XMLStreamException, WSSecurityException { +/* + * All ok up to this point. Now construct and setup the security result + * structure. The service may fetch this and check it. + */ +List results = CastUtils.cast((List)msg.get(WSHandlerConstants.RECV_RESULTS)); +if (results == null) { +results = new LinkedList<>(); +msg.put(WSHandlerConstants.RECV_RESULTS, results); +} +results.add(0, wsResult); + new UsernameTokenSecurityContextCreator().createSecurityContext(msg, wsResult); } http://git-wip-us.apache.org/repos/asf/cxf/blob/609fcade/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java index 8069a95..5a832ef 100644 
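Review bot: In the `@@ -115,6 +119,17 @@` hunk the block that publishes `wsResult` under `WSHandlerConstants.RECV_RESULTS` is pasted inline into `doResults`. The import removals in the next file section suggest it was lifted out of `DefaultWSS4JSecurityContextCreator`, and the diffstat shows 11 added lines in `WSS4JInInterceptor`, presumably the same block. A single protected helper on the shared base interceptor would avoid keeping two copies in step. The carried-over comment "All ok up to this point" would read better as the invariant, e.g. `// Publish the validated result before the SecurityContext is built.`, if that ordering is the intent. `doResults` begins above the hunk, and the same hunk is repeated in the master-branch mail for commit d68286f7 further down the page.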
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java @@ -22,7 +22,6 @@ import java.security.Principal; import java.security.PublicKey; import java.security.cert.X509Certificate; import java.util.ArrayList; -import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.Set; @@ -31,7 +30,6 @@ import javax.security.auth.Subject; import javax.security.auth.kerberos.KerberosPrincipal; import org.apache.cxf.binding.soap.SoapMessage; -import org.apache.cxf.helpers.CastUtils; import
[1/3] cxf git commit: Refactor how WSS4J creates the CXF SecurityContext to make it pluggable
Repository: cxf Updated Branches: refs/heads/master 7d1890510 -> d68286f71 Refactor how WSS4J creates the CXF SecurityContext to make it pluggable Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a9db299a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a9db299a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a9db299a Branch: refs/heads/master Commit: a9db299a4715fd054adceca1abddf5fbf08a5b20 Parents: 7d18905 Author: Colm O hEigeartaighAuthored: Tue Feb 16 11:50:16 2016 + Committer: Colm O hEigeartaigh Committed: Tue Feb 16 11:58:32 2016 + -- .../cxf/ws/security/SecurityConstants.java | 10 +- ...tUsernameTokenAuthenticatingInterceptor.java | 31 ++- .../DefaultWSS4JSecurityContextCreator.java | 205 +++ .../ws/security/wss4j/WSS4JInInterceptor.java | 160 +-- .../wss4j/WSS4JSecurityContextCreator.java | 34 +++ 5 files changed, 281 insertions(+), 159 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/a9db299a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java index f9ebaba..f431a14 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java 
@@ -276,6 +276,14 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security */ public static final String DELEGATED_CREDENTIAL = "ws-security.delegated.credential"; +/** + * A WSS4JSecurityContextCreator implementation that is used to create a CXF SecurityContext + * from the set of WSS4J processing results. The default implementation is the + * DefaultWSS4JSecurityContextCreator. This configuration tag allows the user to plug in + * a custom way of setting up the CXF SecurityContext. + */ +public static final String SECURITY_CONTEXT_CREATOR = "ws-security.security.context.creator"; + // // Validator implementations for validating received security tokens // @@ -397,7 +405,7 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security CACHE_IDENTIFIER, DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION, KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, KERBEROS_REQUEST_CREDENTIAL_DELEGATION, POLICY_VALIDATOR_MAP, STORE_BYTES_IN_ATTACHMENT, USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM, -SYMMETRIC_SIGNATURE_ALGORITHM +SYMMETRIC_SIGNATURE_ALGORITHM, SECURITY_CONTEXT_CREATOR })); for (String commonProperty : COMMON_PROPERTIES) { s.add(commonProperty); http://git-wip-us.apache.org/repos/asf/cxf/blob/a9db299a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java index 5bec27f..3b3fa01 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java 
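Review bot: The Javadoc on `SECURITY_CONTEXT_CREATOR` (first hunk) does not say what form the property value takes, whether an instance, a class name, or either. It also omits that the configured creator decides the principal and roles exposed through the CXF SecurityContext, which later authorization checks depend on. I would add a sentence such as `The creator must derive the principal only from results WSS4J has already validated.` and state the accepted value type once it is confirmed against the code that reads the property, which is outside this file section. The identical hunk appears again in the 3.1.x-fixes cherry-pick (commit c5ad99ec) later on the page.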
@@ -25,6 +25,10 @@ import java.util.logging.Logger; import javax.security.auth.Subject; import javax.xml.namespace.QName; +import javax.xml.soap.SOAPException; +import javax.xml.stream.XMLStreamException; + +import org.w3c.dom.Element; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.common.logging.LogUtils; @@ -39,6 +43,7 @@ import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.engine.WSSecurityEngine; import org.apache.wss4j.dom.handler.RequestData; +import org.apache.wss4j.dom.handler.WSHandlerResult; import org.apache.wss4j.dom.validate.UsernameTokenValidator; import org.apache.wss4j.dom.validate.Validator; @@ -102,12 +107,15 @@ public abstract class AbstractUsernameTokenAuthenticatingInterceptor extends WSS } @Override -protected SecurityContext createSecurityContext(final Principal p) { -Message msg = PhaseInterceptorChain.getCurrentMessage(); -if (msg == null) { -throw new
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 694b2e6f5 -> ad191a905 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ad191a90 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ad191a90 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ad191a90 Branch: refs/heads/3.0.x-fixes Commit: ad191a90583a094ff0ae37f3999a5d7cc1c524d5 Parents: 694b2e6 Author: Colm O hEigeartaighAuthored: Tue Feb 16 13:55:12 2016 + Committer: Colm O hEigeartaigh Committed: Tue Feb 16 13:55:12 2016 + -- .gitmergeinfo | 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/ad191a90/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index f22fba7..c2fc09d 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -223,6 +223,7 @@ B 46f0d5fff8a4d846831b5e9d7ac0405fe06d2ccd B 4702274c7a8bad71ab512744ad39f5207bfe86cd B 470bdcb40597dce5e5cf957000ab60b0b4c1fce4 B 4744117f9228e8f25cc2cba2255f6e6a516e2d2a +B 47839c649a92a4e372eee313e5d53ec5c91df334 B 478de215af2da2c03f439bbbd8341b234bb7bee8 B 47b1a4ae21cfc70cea3b48ebd2be72fd184f1370 B 4800bc8de7d7626fab25d8ab775e3da1ecec5007 @@ -297,6 +298,7 @@ B 5f94e273e7e8d99915eeda1189824f13488eb013 B 5faf182264c64bd3c0abc0addc9746b64492c864 B 5fbd407bac5af5e55bb280125405d75b7add872b B 5fc6229a6d289a6a4f23fac4f1d7750285c85d1a +B 609fcadef1b418c05f3cf9d29dac87f458281156 B 60f95e5c0d928fd0b518bac1b89e20b9a12e09b3 B 610057e6f2bdc7491e2e2266ec7ac41513fcd5f0 B 6168d90fab71f2a8811640bfbbf88bfd1eed1848 @@ -605,6 +607,7 @@ B c4c03e06de3ec8eb8b3e3b35a8c27d1615fd5931 B c4c969042edcbcd439faa0fc95c1f5130cf06c71 B c4ce1dd672146fa49f7d6b0aabc563843828fe93 B c5609a479c87ea75e016b61daeafe0021f693332 +B c5ad99ec8045110063dbec77873782eb5451a6c4 B c5c21d5b61fbd57e79f0bf39fa56ef9814c417fd B c5da4140da8fe63c4a10845b95258bbda9ab2058 B c750e54452bfa4cb9b0db018dad135b298847095
[1/3] cxf git commit: Refactor how WSS4J creates the CXF SecurityContext to make it pluggable
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes e32ce07bc -> 609fcadef Refactor how WSS4J creates the CXF SecurityContext to make it pluggable Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c5ad99ec Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c5ad99ec Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c5ad99ec Branch: refs/heads/3.1.x-fixes Commit: c5ad99ec8045110063dbec77873782eb5451a6c4 Parents: e32ce07 Author: Colm O hEigeartaighAuthored: Tue Feb 16 11:50:16 2016 + Committer: Colm O hEigeartaigh Committed: Tue Feb 16 13:54:51 2016 + -- .../cxf/ws/security/SecurityConstants.java | 10 +- ...tUsernameTokenAuthenticatingInterceptor.java | 31 ++- .../DefaultWSS4JSecurityContextCreator.java | 205 +++ .../ws/security/wss4j/WSS4JInInterceptor.java | 160 +-- .../wss4j/WSS4JSecurityContextCreator.java | 34 +++ 5 files changed, 281 insertions(+), 159 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/c5ad99ec/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java index f9ebaba..f431a14 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java 
@@ -276,6 +276,14 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security */ public static final String DELEGATED_CREDENTIAL = "ws-security.delegated.credential"; +/** + * A WSS4JSecurityContextCreator implementation that is used to create a CXF SecurityContext + * from the set of WSS4J processing results. The default implementation is the + * DefaultWSS4JSecurityContextCreator. This configuration tag allows the user to plug in + * a custom way of setting up the CXF SecurityContext. + */ +public static final String SECURITY_CONTEXT_CREATOR = "ws-security.security.context.creator"; + // // Validator implementations for validating received security tokens // @@ -397,7 +405,7 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security CACHE_IDENTIFIER, DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION, KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, KERBEROS_REQUEST_CREDENTIAL_DELEGATION, POLICY_VALIDATOR_MAP, STORE_BYTES_IN_ATTACHMENT, USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM, -SYMMETRIC_SIGNATURE_ALGORITHM +SYMMETRIC_SIGNATURE_ALGORITHM, SECURITY_CONTEXT_CREATOR })); for (String commonProperty : COMMON_PROPERTIES) { s.add(commonProperty); http://git-wip-us.apache.org/repos/asf/cxf/blob/c5ad99ec/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java index 5bec27f..3b3fa01 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java 
@@ -25,6 +25,10 @@ import java.util.logging.Logger; import javax.security.auth.Subject; import javax.xml.namespace.QName; +import javax.xml.soap.SOAPException; +import javax.xml.stream.XMLStreamException; + +import org.w3c.dom.Element; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.common.logging.LogUtils; @@ -39,6 +43,7 @@ import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.engine.WSSecurityEngine; import org.apache.wss4j.dom.handler.RequestData; +import org.apache.wss4j.dom.handler.WSHandlerResult; import org.apache.wss4j.dom.validate.UsernameTokenValidator; import org.apache.wss4j.dom.validate.Validator; @@ -102,12 +107,15 @@ public abstract class AbstractUsernameTokenAuthenticatingInterceptor extends WSS } @Override -protected SecurityContext createSecurityContext(final Principal p) { -Message msg = PhaseInterceptorChain.getCurrentMessage(); -if (msg == null) { -throw new
[3/3] cxf git commit: Adding a custom WSS4JSecurityContextCreator for an STS system test
Adding a custom WSS4JSecurityContextCreator for an STS system test Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d68286f7 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d68286f7 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d68286f7 Branch: refs/heads/master Commit: d68286f715ef4a545989a04d31313a64078cf0cb Parents: 864d3f3 Author: Colm O hEigeartaighAuthored: Tue Feb 16 13:48:18 2016 + Committer: Colm O hEigeartaigh Committed: Tue Feb 16 13:48:18 2016 + -- ...tUsernameTokenAuthenticatingInterceptor.java | 15 +++ .../DefaultWSS4JSecurityContextCreator.java | 13 -- .../ws/security/wss4j/WSS4JInInterceptor.java | 11 ++ .../x509/CustomWSS4JSecurityContextCreator.java | 118 +++ .../systest/sts/x509/cxf-asymmetric-service.xml | 4 + 5 files changed, 148 insertions(+), 13 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/d68286f7/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java index 3b3fa01..0d8d415 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java @@ -20,6 +20,8 @@ package org.apache.cxf.ws.security.wss4j; import java.security.Principal; import java.util.HashMap; +import java.util.LinkedList; +import java.util.List; import java.util.Map; import java.util.logging.Logger; 
@@ -34,6 +36,7 @@ import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.security.SecurityToken; import org.apache.cxf.common.security.UsernameToken; +import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.interceptor.security.DefaultSecurityContext; import org.apache.cxf.message.Message; @@ -43,6 +46,7 @@ import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.engine.WSSecurityEngine; import org.apache.wss4j.dom.handler.RequestData; +import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.handler.WSHandlerResult; import org.apache.wss4j.dom.validate.UsernameTokenValidator; import org.apache.wss4j.dom.validate.Validator; @@ -115,6 +119,17 @@ public abstract class AbstractUsernameTokenAuthenticatingInterceptor extends WSS WSHandlerResult wsResult, boolean utWithCallbacks ) throws SOAPException, XMLStreamException, WSSecurityException { +/* + * All ok up to this point. Now construct and setup the security result + * structure. The service may fetch this and check it. + */ +List results = CastUtils.cast((List)msg.get(WSHandlerConstants.RECV_RESULTS)); +if (results == null) { +results = new LinkedList<>(); +msg.put(WSHandlerConstants.RECV_RESULTS, results); +} +results.add(0, wsResult); + new UsernameTokenSecurityContextCreator().createSecurityContext(msg, wsResult); } http://git-wip-us.apache.org/repos/asf/cxf/blob/d68286f7/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java index 8069a95..5a832ef 100644 
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java @@ -22,7 +22,6 @@ import java.security.Principal; import java.security.PublicKey; import java.security.cert.X509Certificate; import java.util.ArrayList; -import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.Set; @@ -31,7 +30,6 @@ import javax.security.auth.Subject; import javax.security.auth.kerberos.KerberosPrincipal; import org.apache.cxf.binding.soap.SoapMessage; -import org.apache.cxf.helpers.CastUtils; import
[2/3] cxf git commit: Minor change
Minor change Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/47839c64 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/47839c64 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/47839c64 Branch: refs/heads/3.1.x-fixes Commit: 47839c649a92a4e372eee313e5d53ec5c91df334 Parents: c5ad99e Author: Colm O hEigeartaighAuthored: Tue Feb 16 11:58:37 2016 + Committer: Colm O hEigeartaigh Committed: Tue Feb 16 13:54:52 2016 + -- .../cxf/ws/security/wss4j/WSS4JInInterceptor.java | 16 +++- 1 file changed, 3 insertions(+), 13 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/47839c64/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java index 020b4ca..d996711 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java @@ -294,13 +294,13 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { doResults(msg, actor, SAAJUtils.getHeader(doc), SAAJUtils.getBody(doc), - wsResult); + wsResult, utWithCallbacks); } else { checkActions(msg, reqData, wsResult.getResults(), actions, SAAJUtils.getBody(doc)); doResults(msg, actor, SAAJUtils.getHeader(doc), SAAJUtils.getBody(doc), - wsResult); + wsResult, utWithCallbacks); } } advanceBody(msg, SAAJUtils.getBody(doc)); 
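Review bot: Passing `utWithCallbacks` at both `doResults` call sites changes behaviour, not just the signature: until now these calls went through the five-argument overload, which (per the next hunk) always forwarded `false`. What the flag selects inside `doResults` is outside this hunk. A test covering the `utWithCallbacks == true` path, and a commit subject more specific than "Minor change", would make the effect on the resulting security context reviewable. The same hunk is repeated for master (commit 864d3f30) further down the page.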
@@ -469,17 +469,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { String actor, Element soapHeader, Element soapBody, -WSHandlerResult wsResult -) throws SOAPException, XMLStreamException, WSSecurityException { -doResults(msg, actor, soapHeader, soapBody, wsResult, false); -} - -protected void doResults( -SoapMessage msg, -String actor, -Element soapHeader, -Element soapBody, -WSHandlerResult wsResult, +WSHandlerResult wsResult, boolean utWithCallbacks ) throws SOAPException, XMLStreamException, WSSecurityException {
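Review bot: Dropping the five-argument `protected doResults(...)` overload removes an extension point from a public class on a fixes branch. A subclass that overrides the old signature without `@Override` would still compile but would no longer be called, so any extra checks it ran on the WSS4J results would be skipped silently. At minimum the remaining method should carry a Javadoc line such as `Subclasses that overrode the five-argument form must move to this signature.`, and the removal belongs in the release notes. The method body continues below the hunk; the master copy of this hunk (commit 864d3f30) is further down the page.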
[2/3] cxf git commit: Minor change
Minor change Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/864d3f30 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/864d3f30 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/864d3f30 Branch: refs/heads/master Commit: 864d3f3070eeea5d717caef381cd91f310195b30 Parents: a9db299 Author: Colm O hEigeartaighAuthored: Tue Feb 16 11:58:37 2016 + Committer: Colm O hEigeartaigh Committed: Tue Feb 16 11:58:37 2016 + -- .../cxf/ws/security/wss4j/WSS4JInInterceptor.java | 16 +++- 1 file changed, 3 insertions(+), 13 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/864d3f30/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java index 020b4ca..d996711 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java @@ -294,13 +294,13 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { doResults(msg, actor, SAAJUtils.getHeader(doc), SAAJUtils.getBody(doc), - wsResult); + wsResult, utWithCallbacks); } else { checkActions(msg, reqData, wsResult.getResults(), actions, SAAJUtils.getBody(doc)); doResults(msg, actor, SAAJUtils.getHeader(doc), SAAJUtils.getBody(doc), - wsResult); + wsResult, utWithCallbacks); } } advanceBody(msg, SAAJUtils.getBody(doc)); 
@@ -469,17 +469,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { String actor, Element soapHeader, Element soapBody, -WSHandlerResult wsResult -) throws SOAPException, XMLStreamException, WSSecurityException { -doResults(msg, actor, soapHeader, soapBody, wsResult, false); -} - -protected void doResults( -SoapMessage msg, -String actor, -Element soapHeader, -Element soapBody, -WSHandlerResult wsResult, +WSHandlerResult wsResult, boolean utWithCallbacks ) throws SOAPException, XMLStreamException, WSSecurityException {