cxf git commit: [CXF-7263] Updating ResourceOwnerLoginHandler to accept Client
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 1d9625605 -> 742cb68a9 [CXF-7263] Updating ResourceOwnerLoginHandler to accept Client Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/742cb68a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/742cb68a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/742cb68a Branch: refs/heads/3.1.x-fixes Commit: 742cb68a9172c968aeea5ece7146f9c3dfacde9a Parents: 1d96256 Author: Sergey Beryozkin Authored: Thu Mar 2 22:26:51 2017 + Committer: Sergey Beryozkin Committed: Thu Mar 2 22:29:43 2017 + -- .../oauth2/grants/owner/JAASResourceOwnerLoginHandler.java | 7 --- .../oauth2/grants/owner/ResourceOwnerGrantHandler.java | 2 +- .../oauth2/grants/owner/ResourceOwnerLoginHandler.java | 8 +--- 3 files changed, 10 insertions(+), 7 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/742cb68a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java index 7eb7bfc..b89ad7e 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java @@ -22,6 +22,7 @@ import org.apache.cxf.configuration.security.AuthorizationPolicy; import org.apache.cxf.interceptor.security.JAASLoginInterceptor; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageImpl; +import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.UserSubject; import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; import org.apache.cxf.security.SecurityContext; @@ -29,9 +30,9 @@ import org.apache.cxf.security.SecurityContext; public class JAASResourceOwnerLoginHandler implements ResourceOwnerLoginHandler { private JAASLoginInterceptor jaasInterceptor = new JAASLoginInterceptor(); - - -public UserSubject createSubject(String name, String password) { + + +public UserSubject createSubject(Client client, String name, String password) { Message message = setupMessage(name, password); jaasInterceptor.handleMessage(message); http://git-wip-us.apache.org/repos/asf/cxf/blob/742cb68a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java index 4a5d03b..b84ca30 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java @@ -49,7 +49,7 @@ public class ResourceOwnerGrantHandler extends AbstractGrantHandler { throw new OAuthServiceException( new OAuthError(OAuthConstants.INVALID_REQUEST)); } -UserSubject subject = loginHandler.createSubject(ownerName, ownerPassword); +UserSubject subject = loginHandler.createSubject(client, ownerName, ownerPassword); if (subject == null) { throw new OAuthServiceException(OAuthConstants.INVALID_GRANT); } http://git-wip-us.apache.org/repos/asf/cxf/blob/742cb68a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java index 8d63d69..aded593 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/
cxf git commit: [CXF-7263] Updating ResourceOwnerLoginHandler to accept Client
Repository: cxf Updated Branches: refs/heads/master 0252de53c -> c7d50ca23 [CXF-7263] Updating ResourceOwnerLoginHandler to accept Client Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c7d50ca2 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c7d50ca2 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c7d50ca2 Branch: refs/heads/master Commit: c7d50ca238184789412737ea0f0db4b5b5503326 Parents: 0252de5 Author: Sergey Beryozkin Authored: Thu Mar 2 22:26:51 2017 + Committer: Sergey Beryozkin Committed: Thu Mar 2 22:26:51 2017 + -- .../oauth2/grants/owner/JAASResourceOwnerLoginHandler.java | 3 ++- .../oauth2/grants/owner/ResourceOwnerGrantHandler.java | 2 +- .../oauth2/grants/owner/ResourceOwnerLoginHandler.java | 8 +--- 3 files changed, 8 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/c7d50ca2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java index 480e2db..2af9212 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java @@ -22,6 +22,7 @@ import org.apache.cxf.configuration.security.AuthorizationPolicy; import org.apache.cxf.interceptor.security.JAASLoginInterceptor; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageImpl; +import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.UserSubject; import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; import org.apache.cxf.security.SecurityContext; @@ -31,7 +32,7 @@ public class JAASResourceOwnerLoginHandler implements ResourceOwnerLoginHandler private JAASLoginInterceptor jaasInterceptor = new JAASLoginInterceptor(); -public UserSubject createSubject(String name, String password) { +public UserSubject createSubject(Client client, String name, String password) { Message message = setupMessage(name, password); jaasInterceptor.handleMessage(message); http://git-wip-us.apache.org/repos/asf/cxf/blob/c7d50ca2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java index 5aba67e..a5f4538 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java @@ -49,7 +49,7 @@ public class ResourceOwnerGrantHandler extends AbstractGrantHandler { throw new OAuthServiceException( new OAuthError(OAuthConstants.INVALID_REQUEST)); } -UserSubject subject = loginHandler.createSubject(ownerName, ownerPassword); +UserSubject subject = loginHandler.createSubject(client, ownerName, ownerPassword); if (subject == null) { throw new OAuthServiceException(OAuthConstants.INVALID_GRANT); } http://git-wip-us.apache.org/repos/asf/cxf/blob/c7d50ca2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java index 937ed8b..dda599e 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java @@ -18,6 +18,7 @@ */ package org.apache.cxf.r
cxf-fediz git commit: Introducing ProviderAuthenticationStrategy to make it easier to encapsulate alternative approaches for authenticating at the provider level
Repository: cxf-fediz Updated Branches: refs/heads/master fac4db415 -> 3ba499aef Introducing ProviderAuthenticationStrategy to make it easier to encapsulate alternative approaches for authenticating at the provider level Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3ba499ae Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3ba499ae Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3ba499ae Branch: refs/heads/master Commit: 3ba499aeffb16c84895022e953a117f922abc4c4 Parents: fac4db4 Author: Sergey Beryozkin Authored: Thu Mar 2 22:03:34 2017 + Committer: Sergey Beryozkin Committed: Thu Mar 2 22:03:34 2017 + -- .../service/oidc/OAuthDataProviderImpl.java | 79 +--- .../src/test/resources/oidc/data-manager.xml| 8 +- 2 files changed, 41 insertions(+), 46 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3ba499ae/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java -- diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java index 1882e0a..c265cef 100644 --- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java +++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java @@ -18,19 +18,12 @@ */ package org.apache.cxf.fediz.service.oidc; +import java.lang.reflect.Method; import java.security.Principal; import java.util.Collections; import java.util.List; -import java.util.logging.Level; -import java.util.logging.Logger; -import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.login.Configuration; -import javax.security.auth.login.LoginContext; -import javax.security.auth.login.LoginException; - -import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler; +import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; import org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider; @@ -40,23 +33,18 @@ import org.apache.cxf.rs.security.oidc.utils.OidcUtils; public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider { -private static final Logger LOG = LogUtils.getL7dLogger(OAuthDataProviderImpl.class); - private boolean checkOnlyRegisteredClients; private boolean persistUnregisteredClients = true; -private String contextName; -private Configuration loginConfig; - - +private ProviderAuthenticationStrategy authenticationStrategy; + @Override public Client getClient(String clientId) { -//TODO: push most of this code into the abstract class Client client = super.getClient(clientId); if (client != null || checkOnlyRegisteredClients) { return client; } -String grantType = (String)getMessageContext().get(OAuthConstants.GRANT_TYPE); +String grantType = getCurrentRequestedGrantType(); if (OAuthConstants.CLIENT_CREDENTIALS_GRANT.equals(grantType)) { // Pre-registering the OAuth2 Client representations for // "client_credentials" can be difficult. @@ -81,47 +69,32 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider { // (as it is now) but also client credentials/etc then the check below will need to be more strict // with the help of getMessageContext().get(OAuthConstants.GRANT_TYPE) if (!client.getAllowedGrantTypes().contains(OAuthConstants.CLIENT_CREDENTIALS_GRANT) +&& !client.getAllowedGrantTypes().contains(OAuthConstants.RESOURCE_OWNER_GRANT) && !requestedScopes.contains(OidcUtils.OPENID_SCOPE)) { throw new OAuthServiceException("Required scopes are missing"); } return super.convertScopeToPermissions(client, requestedScopes); } -protected Client authenticateClient(String clientId, String clientSecret) { -if (contextName != null) { -try { -// Login using JAAS -CallbackHandler callbackHandler = -new NamePasswordCallbackHandler(clientId, clientSecret); -LoginContext ctx = new LoginContext(contextName, null, callbackHandler, loginConfig); -ctx.login(); -Client client = createClientCredClient(clientId, clientSecret); -ctx.logout(); -return client; -} cat
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes e889b2961 -> 5268b81e0 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5268b81e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5268b81e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5268b81e Branch: refs/heads/3.0.x-fixes Commit: 5268b81e0af1d6391c5663f5e85e1f6eb23890df Parents: e889b29 Author: Colm O hEigeartaigh Authored: Thu Mar 2 18:22:08 2017 + Committer: Colm O hEigeartaigh Committed: Thu Mar 2 18:22:08 2017 + -- .gitmergeinfo | 4 1 file changed, 4 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/5268b81e/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 1b5a9a2..85f5b41 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -26,6 +26,7 @@ B 05a7ad32b06dc800d31cffbb39df5be16f847849 B 05e838902732c879e6a9415f11624d1581b5271e B 062c8ac92d8a52d2913a4f128ad56cb742edd3b3 B 0642440cd3114db0ca86ca99987617d98634697f +B 06d2a32adda4cb32580ca25c83e6b67dfb143ae9 B 06e74f175c476c82c773c4ac31cf656ef593d424 B 06fbd75b77597a6b413c72ab845578ba03bf3a21 B 07297f3c75c3d16a6d81b423d545ababd714f5b9 @@ -151,6 +152,7 @@ B 1d29dfaa8e686570c1b2ec2da4c31ba380e0b9b0 B 1d29e0af16d1714a44d0144f4b0563d423eb16c0 B 1d2f49e37fa341aaa56960235cc784def4b4a70a B 1d5577f2abcfcc36fbbae349e94d7a992ec57ba0 +B 1d962560563a96a4577db705a3264d74dbeb6f12 B 1d9e79ef36bf14e25d7cd2cccb0d804a048aef64 B 1da1293953e95d756406d8eab9c99a2de459c1ab B 1db0f0bbe8435bc0c081627857d5047ec8ee7f55 @@ -922,6 +924,7 @@ B a2e5fae3a093965b75361210ef475abb9e6abf56 B a2ef32eee8f2a91706801c05f17b927d661baff1 B a2f2eb7e29e3632ecae740f1edf8d4c05689f24b B a3347f0378b49b6db6ca6ec274098f4b52fd17cd +B a371f7cf76e86b91dd6c8025e2882d4715568bb5 B a3e1065d4c2a600f63585a6c892e636f5740cf73 B a4222c930f7d69608f826c14e4bc7bc9f670097c B a4315cb442fa31960cbd47f11e95e81b4a71441d @@ -1259,6 +1262,7 @@ B de9b7936156d622c284df7f055acac80b920b7d0 B deea740143ef9b2d85c5dc2139f6918ae10ca548 B df39a9e14be1f3ff1fdd32e93e4f95c7fab96b00 B df424f5a46f5a6e7be339308d85799865fb84573 +B df54745da1a568ea652762a3f0840771551b8d27 B df947cb1ca2b9e375f99e199ec65b1afece1c963 B dfa36ecb161fc0e7121aff68ad41ed969307d4f0 B dfa59762b50f26263716bae769bc4078d4059c37
[3/3] cxf git commit: Fixing merge
Fixing merge Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1d962560 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1d962560 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1d962560 Branch: refs/heads/3.1.x-fixes Commit: 1d962560563a96a4577db705a3264d74dbeb6f12 Parents: df54745 Author: Colm O hEigeartaigh Authored: Thu Mar 2 18:21:23 2017 + Committer: Colm O hEigeartaigh Committed: Thu Mar 2 18:21:23 2017 + -- .../cxf/transport/http/MessageTrustDecider.java | 6 -- .../interceptors/HttpsTokenInterceptorProvider.java | 14 -- .../apache/cxf/systest/ws/https/HttpsTokenTest.java | 3 --- 3 files changed, 23 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/1d962560/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java -- diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java index 923b5e5..6360570 100644 --- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java +++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java @@ -29,15 +29,9 @@ import org.apache.cxf.message.Message; * java.net.URLConnection implementations. * * The HttpURLConnection will be set up and connected, but no data -<<< HEAD - * yet sent (at least according to the JDK 1.5 default implemenation), - * and in the case of an HttpsURLConnection (again with caveat on - * particular java.net.HttpsURLConnection implemenation), the TLS handshake -=== * yet sent (at least according to the JDK 1.5 default implementation), * and in the case of an HttpsURLConnection (again with caveat on * particular java.net.HttpsURLConnection implementation), the TLS handshake ->>> 0252de5... [CXF-5525] - Adding a JAX-WS property to disable client cert verification policy check + tests * will be completed and certain TLS artifacts will be available. * * Each MessageTrustDecider has a "logical" name that may be used in logging http://git-wip-us.apache.org/repos/asf/cxf/blob/1d962560/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java index 537c8c5..8857811 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java @@ -146,23 +146,9 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv + " the server set to ask for client authorization?"); } } -<<< HEAD -HttpsURLConnectionInfo info = (HttpsURLConnectionInfo)connectionInfo; -if (info.getLocalCertificates() == null -|| info.getLocalCertificates().length == 0) { -throw new UntrustedURLConnectionIOException( -"RequireClientCertificate is set, " -+ "but no local certificates were negotiated. Is" -+ " the server set to ask for client authorization?"); -} -} -}; -message.put(MessageTrustDecider.class, trust); -=== }; message.put(MessageTrustDecider.class, trust); } ->>> 0252de5... [CXF-5525] - Adding a JAX-WS property to disable client cert verification policy check + tests PolicyUtils.assertPolicy(aim, new QName(token.getName().getNamespaceURI(), SPConstants.REQUIRE_CLIENT_CERTIFICATE)); } http://git-wip-us.apache.org/repos/asf/cxf/blob/1d962560/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java -- diff --git a/systests/ws-security/src/test/java/org/a
[1/3] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 963a541fe -> 1d9625605 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/df54745d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/df54745d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/df54745d Branch: refs/heads/3.1.x-fixes Commit: df54745da1a568ea652762a3f0840771551b8d27 Parents: a371f7c Author: Colm O hEigeartaigh Authored: Thu Mar 2 18:20:06 2017 + Committer: Colm O hEigeartaigh Committed: Thu Mar 2 18:20:06 2017 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/df54745d/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index e50b89e..fbb4723 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -280,6 +280,7 @@ M 01cd14ce923f1f2cd044746e272b2d525c46f9a6 M 01d06cee06203b0ba616ca1924f1878aecc1a791 M 01fdc40526185ee89202692088fd5367f0690af0 M 0222768baf6b60742c4a8332308edf2be0f4a2e4 +M 0252de53c8b2bd230544e7c9cffc9355741dc2f1 M 0344b6bc0d1e61a3d3b5194f5ae3ebcdf62e8d56 M 03987585902ef5db3c265a353e483f20e31b2c18 M 04720d55a297aa4778a8194a766d9159ba662d33
[2/3] cxf git commit: [CXF-5525] - Adding a JAX-WS property to disable client cert verification policy check + tests
[CXF-5525] - Adding a JAX-WS property to disable client cert verification policy check + tests # Conflicts: # rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java # rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java # rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java # systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a371f7cf Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a371f7cf Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a371f7cf Branch: refs/heads/3.1.x-fixes Commit: a371f7cf76e86b91dd6c8025e2882d4715568bb5 Parents: 963a541 Author: Colm O hEigeartaigh Authored: Thu Mar 2 18:17:05 2017 + Committer: Colm O hEigeartaigh Committed: Thu Mar 2 18:20:06 2017 + -- .../apache/cxf/transport/http/HTTPConduit.java | 7 ++- .../cxf/transport/http/MessageTrustDecider.java | 13 ++ .../cxf/ws/security/SecurityConstants.java | 11 - .../HttpsTokenInterceptorProvider.java | 38 .../cxf/systest/ws/https/HttpsTokenTest.java| 47 .../cxf/systest/ws/https/DoubleItHttps.wsdl | 6 +++ .../org/apache/cxf/systest/ws/https/client.xml | 26 +++ .../org/apache/cxf/systest/ws/https/server.xml | 14 ++ .../apache/cxf/systest/ws/https/stax-server.xml | 20 + 9 files changed, 169 insertions(+), 13 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/a371f7cf/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java -- diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java index e896461..51daa38 100644 --- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java +++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java @@ -1762,10 +1762,9 @@ public abstract class HTTPConduit // already connected. HttpsURLConnectionInfo info = getHttpsURLConnectionInfo(); if (trustDecider != null) { -trustDecider.establishTrust( -conduitName, -info, -outMessage); +trustDecider.establishTrust(conduitName, +info, +outMessage); if (LOG.isLoggable(Level.FINE)) { LOG.log(Level.FINE, "Trust Decider " + trustDecider.getLogicalName() http://git-wip-us.apache.org/repos/asf/cxf/blob/a371f7cf/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java -- diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java index c9c2f1e..923b5e5 100644 --- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java +++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java @@ -29,9 +29,15 @@ import org.apache.cxf.message.Message; * java.net.URLConnection implementations. * * The HttpURLConnection will be set up and connected, but no data +<<< HEAD * yet sent (at least according to the JDK 1.5 default implemenation), * and in the case of an HttpsURLConnection (again with caveat on * particular java.net.HttpsURLConnection implemenation), the TLS handshake +=== + * yet sent (at least according to the JDK 1.5 default implementation), + * and in the case of an HttpsURLConnection (again with caveat on + * particular java.net.HttpsURLConnection implementation), the TLS handshake +>>> 0252de5... [CXF-5525] - Adding a JAX-WS property to disable client cert verification policy check + tests * will be completed and certain TLS artifacts will be available. * * Each MessageTrustDecider has a "logical" name that may be used in logging @@ -88,10 +94,17 @@ public abstract class MessageTrustDecider { * * The HTTPConduit calls this message on every redirect, however, it is * impossible to tell where it has been redirected from. +<<< HEAD * * TODO: What are the exising Message Properties at the point of this cal
cxf git commit: [CXF-5525] - Adding a JAX-WS property to disable client cert verification policy check + tests
Repository: cxf Updated Branches: refs/heads/master 13d33c9ed -> 0252de53c [CXF-5525] - Adding a JAX-WS property to disable client cert verification policy check + tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0252de53 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0252de53 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0252de53 Branch: refs/heads/master Commit: 0252de53c8b2bd230544e7c9cffc9355741dc2f1 Parents: 13d33c9 Author: Colm O hEigeartaigh Authored: Thu Mar 2 18:17:05 2017 + Committer: Colm O hEigeartaigh Committed: Thu Mar 2 18:17:54 2017 + -- .../apache/cxf/transport/http/HTTPConduit.java | 7 ++- .../cxf/transport/http/MessageTrustDecider.java | 6 +-- .../cxf/ws/security/SecurityConstants.java | 11 - .../HttpsTokenInterceptorProvider.java | 46 .../cxf/systest/ws/https/HttpsTokenTest.java| 44 +++ .../cxf/systest/ws/https/DoubleItHttps.wsdl | 6 +++ .../org/apache/cxf/systest/ws/https/client.xml | 26 +++ .../org/apache/cxf/systest/ws/https/server.xml | 14 ++ .../apache/cxf/systest/ws/https/stax-server.xml | 20 + 9 files changed, 153 insertions(+), 27 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/0252de53/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java -- diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java index 8314c14..30798f7 100644 --- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java +++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java @@ -1762,10 +1762,9 @@ public abstract class HTTPConduit // already connected. HttpsURLConnectionInfo info = getHttpsURLConnectionInfo(); if (trustDecider != null) { -trustDecider.establishTrust( -conduitName, -info, -outMessage); +trustDecider.establishTrust(conduitName, +info, +outMessage); if (LOG.isLoggable(Level.FINE)) { LOG.log(Level.FINE, "Trust Decider " + trustDecider.getLogicalName() http://git-wip-us.apache.org/repos/asf/cxf/blob/0252de53/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java -- diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java index ac3efb8..8cd2fff 100644 --- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java +++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java @@ -29,9 +29,9 @@ import org.apache.cxf.message.Message; * java.net.URLConnection implementations. * * The HttpURLConnection will be set up and connected, but no data - * yet sent (at least according to the JDK 1.5 default implemenation), + * yet sent (at least according to the JDK 1.5 default implementation), * and in the case of an HttpsURLConnection (again with caveat on - * particular java.net.HttpsURLConnection implemenation), the TLS handshake + * particular java.net.HttpsURLConnection implementation), the TLS handshake * will be completed and certain TLS artifacts will be available. * * Each MessageTrustDecider has a "logical" name that may be used in logging @@ -89,7 +89,7 @@ public abstract class MessageTrustDecider { * The HTTPConduit calls this message on every redirect, however, it is * impossible to tell where it has been redirected from. * - * TODO: What are the exising Message Properties at the point of this call? + * TODO: What are the existing Message Properties at the point of this call? * * @param conduitNameThis parameter contains the logical name * for the conduit that this trust decider http://git-wip-us.apache.org/repos/asf/cxf/blob/0252de53/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java b/rt/ws/security/src/main/java/org/apache/
cxf git commit: Injecting MessageContext into ResourceOwner handler too
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 06d2a32ad -> 963a541fe Injecting MessageContext into ResourceOwner handler too Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/963a541f Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/963a541f Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/963a541f Branch: refs/heads/3.1.x-fixes Commit: 963a541fe53a4d3f0481472c75fe6b7310c929c7 Parents: 06d2a32 Author: Sergey Beryozkin Authored: Thu Mar 2 17:38:53 2017 + Committer: Sergey Beryozkin Committed: Thu Mar 2 17:52:20 2017 + -- .../grants/owner/ResourceOwnerGrantHandler.java | 11 ++-- .../provider/AbstractOAuthDataProvider.java | 8 ++ .../oauth2/services/AbstractOAuthService.java | 28 .../oauth2/services/AccessTokenService.java | 13 +++-- .../security/oauth2/utils/OAuthConstants.java | 1 + .../rs/security/oauth2/utils/OAuthUtils.java| 18 + 6 files changed, 58 insertions(+), 21 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/963a541f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java index 19e0f6b..4a5d03b 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java @@ -20,6 +20,7 @@ package org.apache.cxf.rs.security.oauth2.grants.owner; import javax.ws.rs.core.MultivaluedMap; +import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.OAuthError; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; @@ -27,6 +28,7 @@ import org.apache.cxf.rs.security.oauth2.common.UserSubject; import org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; +import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; /** * The "resource owner" grant handler @@ -37,7 +39,7 @@ public class ResourceOwnerGrantHandler extends AbstractGrantHandler { public ResourceOwnerGrantHandler() { super(OAuthConstants.RESOURCE_OWNER_GRANT); } - + public ServerAccessToken createAccessToken(Client client, MultivaluedMap params) throws OAuthServiceException { @@ -62,5 +64,10 @@ public class ResourceOwnerGrantHandler extends AbstractGrantHandler { this.loginHandler = loginHandler; } - +public void setMessageContext(MessageContext context) { +if (loginHandler != null) { +OAuthUtils.injectContextIntoOAuthProvider(context, loginHandler); +} +} + } http://git-wip-us.apache.org/repos/asf/cxf/blob/963a541f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java index e39c9be..e5a8eba 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java @@ -25,6 +25,8 @@ import java.util.LinkedList; import java.util.List; import java.util.Map; +import javax.ws.rs.core.MultivaluedMap; + import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtToken; @@ -311,6 +313,12 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl protected String getCurrentClientSecret() { return (String)messageContext.get(OAuthConstants.CLIENT_SECRET); } +protected MultivaluedMap getCurrentRequestParams() { +@SuppressWarnings("unchecked") +MultivaluedMap params = +(MultivaluedMap)messageContext.get(OAuthConstants.T
cxf git commit: Injecting MessageContext into ResourceOwner handler too
Repository: cxf Updated Branches: refs/heads/master afdf9361f -> 13d33c9ed Injecting MessageContext into ResourceOwner handler too Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/13d33c9e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/13d33c9e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/13d33c9e Branch: refs/heads/master Commit: 13d33c9ed261e06e44706cffa1671d67d31096a7 Parents: afdf936 Author: Sergey Beryozkin Authored: Thu Mar 2 17:38:53 2017 + Committer: Sergey Beryozkin Committed: Thu Mar 2 17:38:53 2017 + -- .../grants/owner/ResourceOwnerGrantHandler.java | 11 ++-- .../provider/AbstractOAuthDataProvider.java | 8 ++ .../oauth2/services/AbstractOAuthService.java | 28 .../oauth2/services/AccessTokenService.java | 11 +++- .../security/oauth2/utils/OAuthConstants.java | 1 + .../rs/security/oauth2/utils/OAuthUtils.java| 18 + 6 files changed, 57 insertions(+), 20 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/13d33c9e/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java index ea39634..5aba67e 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java @@ -20,6 +20,7 @@ package org.apache.cxf.rs.security.oauth2.grants.owner; import javax.ws.rs.core.MultivaluedMap; +import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.OAuthError; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; @@ -27,6 +28,7 @@ import org.apache.cxf.rs.security.oauth2.common.UserSubject; import org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; +import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; /** * The "resource owner" grant handler @@ -37,7 +39,7 @@ public class ResourceOwnerGrantHandler extends AbstractGrantHandler { public ResourceOwnerGrantHandler() { super(OAuthConstants.RESOURCE_OWNER_GRANT); } - + public ServerAccessToken createAccessToken(Client client, MultivaluedMap params) throws OAuthServiceException { @@ -62,5 +64,10 @@ public class ResourceOwnerGrantHandler extends AbstractGrantHandler { this.loginHandler = loginHandler; } - +public void setMessageContext(MessageContext context) { +if (loginHandler != null) { +OAuthUtils.injectContextIntoOAuthProvider(context, loginHandler); +} +} + } http://git-wip-us.apache.org/repos/asf/cxf/blob/13d33c9e/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java index 298835e..95ab72f 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java @@ -25,6 +25,8 @@ import java.util.LinkedList; import java.util.List; import java.util.Map; +import javax.ws.rs.core.MultivaluedMap; + import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtToken; @@ -306,6 +308,12 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl protected String getCurrentClientSecret() { return (String)messageContext.get(OAuthConstants.CLIENT_SECRET); } +protected MultivaluedMap getCurrentRequestParams() { +@SuppressWarnings("unchecked") +MultivaluedMap params = +(MultivaluedMap)messageContext.get(OAuthConstants.TOKEN_REQUEST_PARAMS
cxf-fediz git commit: Some logging fixes
Repository: cxf-fediz Updated Branches: refs/heads/master 5ebe79ea6 -> fac4db415 Some logging fixes Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/fac4db41 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/fac4db41 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/fac4db41 Branch: refs/heads/master Commit: fac4db41540001785cfb551cf41a3427ee47ded0 Parents: 5ebe79e Author: Colm O hEigeartaigh Authored: Thu Mar 2 11:18:02 2017 + Committer: Colm O hEigeartaigh Committed: Thu Mar 2 11:18:02 2017 + -- .../core/saml/FedizSignatureTrustValidator.java | 10 -- .../cxf/fediz/core/saml/SAMLTokenValidator.java | 4 +--- .../cxf/plugin/FedizRedirectBindingFilter.java | 16 +--- .../was/mapper/FileBasedRoleToGroupMapper.java | 4 +--- .../fediz/service/idp/beans/STSClientAction.java| 4 +--- .../idp/kerberos/KerberosTokenValidator.java| 12 .../protocols/TrustedIdpSAMLProtocolHandler.java| 9 ++--- .../protocols/TrustedIdpWSFedProtocolHandler.java | 5 + 8 files changed, 19 insertions(+), 45 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fac4db41/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java -- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java index c27f34b..8cc61e3 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java @@ -180,12 +180,10 @@ public class FedizSignatureTrustValidator implements Validator { // certificate was really signed by the issuer stated in the certificate // crypto.verifyTrust(certificates, enableRevocation, null); -if (LOG.isDebugEnabled()) { -String subjectString = certificates[0].getSubjectX500Principal().getName(); -LOG.debug( -"Certificate path has been verified for certificate with subject " + subjectString -); -} +String subjectString = certificates[0].getSubjectX500Principal().getName(); +LOG.debug( +"Certificate path has been verified for certificate with subject {}", subjectString +); } /** http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fac4db41/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java -- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java index a629d8a..7d2bc88 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java @@ -328,9 +328,7 @@ public class SAMLTokenValidator implements TokenValidator { List attributes = statement .getAttributes(); for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) { -if (LOG.isDebugEnabled()) { -LOG.debug("parsing attribute: " + attribute.getName()); -} +LOG.debug("parsing attribute: {}", attribute.getName()); Claim c = new Claim(); // Workaround for CXF-4484 // Value of Attribute Name not fully qualified http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fac4db41/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java -- diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java index 948ce8e..3e4db0e 100644 --- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java +++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java @@ -126,16 +126,12 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter String state = getState(fedConfig, params); if (responseToken == null) { -if (LOG.isDebugEnabled()) { -LOG.debug("SignIn request must contain a response token from the IdP"); -} +LOG.debug("SignIn