svn commit: r1014143 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html

2017-06-16 Thread buildbot
Author: buildbot
Date: Fri Jun 16 16:47:38 2017
New Revision: 1014143

Log:
Production update by buildbot for cxf

Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/jax-rs-jose.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Fri Jun 16 16:47:38 
2017
@@ -119,11 +119,11 @@ Apache CXF -- JAX-RS JOSE


 /**/
+/*]]>*/
 IntroductionMaven DependenciesJava and JCE 
PolicyJOSE Overview and 
Implementation
 JWA AlgorithmsJWK KeysJWS Signature
 Signature and Verification 
ProvidersJWS 
CompactJWS 
JSONJWS 
with Detached ContentJWS with Unencoded 
Payload
@@ -679,7 +679,7 @@ Payload:
"ciphertext":"alKm_g",
"tag":"DkW2pZCd7lhR0KqIGQ69-A"
 }
-Note the Base64Url encoded protected headers go first, followed 
by the 'recipients' array, with each element containing the encrypted content 
encryption key which can be decrypted by the recipient private key, with the 
array of recipients followed by the IV, ciphertext and authentication tag 
Base64Url sequences.Linking JWT 
authentications to JWS or JWE contentCXF introduced a "JWT" HTTP 
authentication scheme, with a Base64Url encoded JWT token representing a user 
authentication against an IDP capable of issuing JWT assertions (or simply JWT 
tokens). JWT assertion is like SAML assertion except that it is in a JSON 
format. If you'd like to cryptographically bind this JWT token to a data 
secured by JWS and/or JWE processors then simply add https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/secu
 rity/jose/jaxrs/JwtAuthenticationClientFilter.java" 
rel="nofollow">JwtAuthenticationClientFilteron the client side and https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java;
 rel="nofollow">JwtAuthenticationFilter on the server side. These filters 
link the authentication token with a randomly generated secure value which is 
added to both the token and the body JWS/JWE protected headers.This 
approach is more effective compared to the ones where the body hash is 
calculated before it is submitted to a signature creation function, with the 
signature added as HTTP header.Optional protection of HTTP 
headersStarting from CXF 3.1.12 it is possible to use JWS, JWS JSON, 
JWE and JWE JSON filters to protect the selected set of HTTP headers. The JOSE 
payloads produced b
 y these filters guarantee that the JOSE headers are integrity protected. Given 
this, if one enables a 'protectHttpHeaders' boolean property on the request 
filters, then, by default, HTTP Content-Type and Accept header values will be 
registered as JOSE header properties prefixed with "http.", example, 
"http.Accept":"text/plain". The list of the headers to be protected can be 
customized using a 'protectedHttpHeaders' set property.These properties 
will be compared against the current HTTP headers on the receiving 
end.This approach does not prevent the streaming of the outgoing data 
(which will also be protected by the filters) and offers a way to secure the 
HTTP headers which are really important for the correct processing of the 
incoming payloadsJOSE in 
JAX-RS application codeIn some cases you may need to create or process 
the JOSE data directly in the service or client application code. For example, 
one of the 
 properties in the request or response payload needs to be JWS signed/verified 
and/or JWE encrypted/decrypted. The following 2 options can be tried.Option 1: Process JOSE 
directlyThis option is about using the CXF JOSE library to sign, 
encrypt, or/and decrypt and verify the data as documented above. This option should be preferred 
if one needs to keep a closer control, for example, set the custom JWS or JWE 
headers, etc.Option 
2: Use JOSE library helpers and Endpoint ConfigurationThis option 
makes it straighforward to do JOSE in the application code. One has to extend 
or delegate to a specific JOSE helper instance and configure the endpoint with 
the locatiion of the key store.Produce 
JOSE dataIf you need to protect some non JWT property -
  extend or delegate to JoseProducer:
+Note the 

[1/2] cxf git commit: Fixing ports

2017-06-16 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 23408fdbb -> 5fd91a935


Fixing ports

# Conflicts:
#   
services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/02246545
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/02246545
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/02246545

Branch: refs/heads/3.0.x-fixes
Commit: 02246545d12758cf56181f2092eea227df07b621
Parents: 23408fd
Author: Colm O hEigeartaigh 
Authored: Fri Jun 16 11:37:25 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 16 11:41:20 2017 +0100

--
 .../IntermediaryTransformationCachingTest.java  | 12 ++--
 .../cxf-intermediary-caching.xml|  4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/02246545/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
--
diff --git 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
index 9a5f870..b04caab 100644
--- 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
+++ 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
@@ -40,7 +40,7 @@ import org.junit.BeforeClass;
  * service provider. The intermediary service provider validates the token, 
and then the
  * Intermediary client uses delegation to dispatch the received token (via 
OnBehalfOf) to another
  * STS instance. The retrieved token is sent to the service provider via 
(2-way) TLS. The STSClient is disabled
- * after two invocations, meaning that the Intermediary client must rely on 
its cache to get tokens. 
+ * after two invocations, meaning that the Intermediary client must rely on 
its cache to get tokens.
  */
 public class IntermediaryTransformationCachingTest extends 
AbstractBusClientServerTestBase {
 
@@ -51,9 +51,9 @@ public class IntermediaryTransformationCachingTest extends 
AbstractBusClientServ
 
 private static final String NAMESPACE = 
"http://www.example.org/contract/DoubleIt;;
 private static final QName SERVICE_QNAME = new QName(NAMESPACE, 
"DoubleItService");
-
-private static final String PORT = allocatePort(Intermediary.class);
-
+
+private static final String PORT = allocatePort(IntermediaryCaching.class);
+
 @BeforeClass
 public static void startServers() throws Exception {
 assertTrue(
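Review bot: the new key in `allocatePort(IntermediaryCaching.class)` only isolates this test if the server side resolves the same key. The diffstat lists cxf-intermediary-caching.xml with matching changes, but that hunk is cut off in this mail, so please confirm the endpoint address there and the server launcher both use the IntermediaryCaching port rather than the Intermediary one. No import is added in this diff, so IntermediaryCaching also has to exist in this package on the 3.0.x branch.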
@@ -105,7 +105,7 @@ public class IntermediaryTransformationCachingTest extends 
AbstractBusClientServ
 
 // Make initial successful invocation (for "alice")
 doubleIt(alicePort, 25);
-
+
 // Make another successful invocation for "bob"
 DoubleItPortType bobPort = service.getPort(portQName, 
DoubleItPortType.class);
 updateAddressPort(bobPort, PORT);
@@ -117,7 +117,7 @@ public class IntermediaryTransformationCachingTest extends 
AbstractBusClientServ
 // Make another invocation for "bob" - this should work as the 
intermediary caches the token
 // even though its STSClient is disabled after the second invocation
 doubleIt(bobPort, 35);
-
+
 // Make another invocation for "alice" - this should work as the 
intermediary caches the token
 // even though its STSClient is disabled after the first invocation
 doubleIt(alicePort, 40);

http://git-wip-us.apache.org/repos/asf/cxf/blob/02246545/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
--
diff --git 
a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
 
b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
index 4f367ab..8072526 100644
--- 
a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
+++ 

[2/2] cxf git commit: Recording .gitmergeinfo Changes

2017-06-16 Thread coheigea
Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5fd91a93
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5fd91a93
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5fd91a93

Branch: refs/heads/3.0.x-fixes
Commit: 5fd91a935960dd66ba0f28f3662b617ca23d9439
Parents: 0224654
Author: Colm O hEigeartaigh 
Authored: Fri Jun 16 11:41:21 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 16 11:41:21 2017 +0100

--
 .gitmergeinfo | 2 ++
 1 file changed, 2 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/5fd91a93/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index bea97f4..a32b43e 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -785,6 +785,7 @@ B 6eaa2bd9f48718d241ef6e779285c65a800862a8
 B 6ec0e90dc12c2384612f201f54d1e6e7e7f45724
 B 6ef5be5869eb0c076f8bc8ed30775028a0b314c7
 B 6efe475ad57f042ffc9547f1bb258ab4e16a3f3e
+B 6f07ef7b6c5ab9a8c88dd8e4b4d60dac0d2adb6e
 B 6f2a98efabe16b6e129ca86b292b74d006093541
 B 6f31130c52c4f328795c71f7f3891e3b7c899daf
 B 6f3e4aa162c2ec1c78256b57d98f735cfb15a2fb
@@ -1777,6 +1778,7 @@ M 00b626af504d3d59419ec2d1eb5e39943ec5b8aa
 M 011725e4de2026bbebb6a732764a86d9a2ae4109
 M 01860c78f6fd7554cf89a9bc912ca78d2b304efe
 M 02221113b4c85bc643f18c82a7d59e0179d400ac
+M 022c89df45b88284b26286559673fb8de95a0315
 M 049fe48c0489cf0e4df632a73bb91a76343d2639
 M 0529afb26222feaf5e3954518a8e3bfacd857829
 M 05383ffcfc3fe16c6acadf1a343375c00fa1116c



[2/2] cxf git commit: Fixing ports

2017-06-16 Thread coheigea
Fixing ports

# Conflicts:
#   
services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/022c89df
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/022c89df
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/022c89df

Branch: refs/heads/3.1.x-fixes
Commit: 022c89df45b88284b26286559673fb8de95a0315
Parents: 0e83d4a
Author: Colm O hEigeartaigh 
Authored: Fri Jun 16 11:37:25 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 16 11:38:29 2017 +0100

--
 .../IntermediaryTransformationCachingTest.java  | 12 ++--
 .../cxf-intermediary-caching.xml|  4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/022c89df/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
--
diff --git 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
index d83de84..53bda69 100644
--- 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
+++ 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
@@ -40,7 +40,7 @@ import org.junit.BeforeClass;
  * service provider. The intermediary service provider validates the token, 
and then the
  * Intermediary client uses delegation to dispatch the received token (via 
OnBehalfOf) to another
  * STS instance. The retrieved token is sent to the service provider via 
(2-way) TLS. The STSClient is disabled
- * after two invocations, meaning that the Intermediary client must rely on 
its cache to get tokens. 
+ * after two invocations, meaning that the Intermediary client must rely on 
its cache to get tokens.
  */
 public class IntermediaryTransformationCachingTest extends 
AbstractBusClientServerTestBase {
 
@@ -51,9 +51,9 @@ public class IntermediaryTransformationCachingTest extends 
AbstractBusClientServ
 
 private static final String NAMESPACE = 
"http://www.example.org/contract/DoubleIt;;
 private static final QName SERVICE_QNAME = new QName(NAMESPACE, 
"DoubleItService");
-
-private static final String PORT = allocatePort(Intermediary.class);
-
+
+private static final String PORT = allocatePort(IntermediaryCaching.class);
+
 @BeforeClass
 public static void startServers() throws Exception {
 assertTrue(
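Review bot: the blank lines on either side of `PORT` are removed and re-added here with only their whitespace changed, which turns a one-line functional change into a six-line one. The commit message records a conflict on this file, and the same hunk on master changes the `PORT` line alone. Suggest keeping the backport to the `allocatePort(IntermediaryCaching.class)` line and leaving whitespace cleanup to a separate commit.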
@@ -102,7 +102,7 @@ public class IntermediaryTransformationCachingTest extends 
AbstractBusClientServ
 
 // Make initial successful invocation (for "alice")
 doubleIt(alicePort, 25);
-
+
 // Make another successful invocation for "bob"
 DoubleItPortType bobPort = service.getPort(portQName, 
DoubleItPortType.class);
 updateAddressPort(bobPort, PORT);
@@ -114,7 +114,7 @@ public class IntermediaryTransformationCachingTest extends 
AbstractBusClientServ
 // Make another invocation for "bob" - this should work as the 
intermediary caches the token
 // even though its STSClient is disabled after the second invocation
 doubleIt(bobPort, 35);
-
+
 // Make another invocation for "alice" - this should work as the 
intermediary caches the token
 // even though its STSClient is disabled after the first invocation
 doubleIt(alicePort, 40);

http://git-wip-us.apache.org/repos/asf/cxf/blob/022c89df/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
--
diff --git 
a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
 
b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
index 2e51b3d..7a0baba 100644
--- 
a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
+++ 
b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
@@ -24,7 +24,7 @@
 
 
 
-  

[1/2] cxf git commit: Recording .gitmergeinfo Changes

2017-06-16 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 0e83d4aa1 -> 6f07ef7b6


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6f07ef7b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6f07ef7b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6f07ef7b

Branch: refs/heads/3.1.x-fixes
Commit: 6f07ef7b6c5ab9a8c88dd8e4b4d60dac0d2adb6e
Parents: 022c89d
Author: Colm O hEigeartaigh 
Authored: Fri Jun 16 11:38:29 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 16 11:38:29 2017 +0100

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/6f07ef7b/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index f8d5c77..e1d1f726 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -474,6 +474,7 @@ M 3b7587395586f59d0fe9427038dd2d891fbe223d
 M 3b967cf6d9c67bebb6e0705a3fdede4d2a6b1015
 M 3bbfc22e182ffea8c98ba8f84b4f55abfce353e7
 M 3be9aac26a003ef43995054da875ffd5fa5a2eb4
+M 3d02791f001faf35ea585ce67d3f4564f5c25c1b
 M 3d1c69dbe3c1f4ce1e9fe0a962fd022b17dac773
 M 3d783a5a17c03348da031865fb5278fe777f0fc9
 M 3d85f3179ffae6eadd5174ace6df015494d995bc



cxf git commit: Fixing ports

2017-06-16 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/master 77e0ffed1 -> 3d02791f0


Fixing ports


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3d02791f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3d02791f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3d02791f

Branch: refs/heads/master
Commit: 3d02791f001faf35ea585ce67d3f4564f5c25c1b
Parents: 77e0ffe
Author: Colm O hEigeartaigh 
Authored: Fri Jun 16 11:37:25 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 16 11:37:25 2017 +0100

--
 .../IntermediaryTransformationCachingTest.java   | 8 
 .../intermediary_transformation/cxf-intermediary-caching.xml | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/3d02791f/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
--
diff --git 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
index ef90341..b42f3f7 100644
--- 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
+++ 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
@@ -41,7 +41,7 @@ import org.junit.BeforeClass;
  * service provider. The intermediary service provider validates the token, 
and then the
  * Intermediary client uses delegation to dispatch the received token (via 
OnBehalfOf) to another
  * STS instance. The retrieved token is sent to the service provider via 
(2-way) TLS. The STSClient is disabled
- * after two invocations, meaning that the Intermediary client must rely on 
its cache to get tokens. 
+ * after two invocations, meaning that the Intermediary client must rely on 
its cache to get tokens.
  */
 public class IntermediaryTransformationCachingTest extends 
AbstractBusClientServerTestBase {
 
@@ -53,7 +53,7 @@ public class IntermediaryTransformationCachingTest extends 
AbstractBusClientServ
 private static final String NAMESPACE = 
"http://www.example.org/contract/DoubleIt;;
 private static final QName SERVICE_QNAME = new QName(NAMESPACE, 
"DoubleItService");
 
-private static final String PORT = allocatePort(Intermediary.class);
+private static final String PORT = allocatePort(IntermediaryCaching.class);
 
 @BeforeClass
 public static void startServers() throws Exception {
@@ -103,7 +103,7 @@ public class IntermediaryTransformationCachingTest extends 
AbstractBusClientServ
 
 // Make initial successful invocation (for "alice")
 doubleIt(alicePort, 25);
-
+
 // Make another successful invocation for "bob"
 DoubleItPortType bobPort = service.getPort(portQName, 
DoubleItPortType.class);
 updateAddressPort(bobPort, PORT);
@@ -115,7 +115,7 @@ public class IntermediaryTransformationCachingTest extends 
AbstractBusClientServ
 // Make another invocation for "bob" - this should work as the 
intermediary caches the token
 // even though its STSClient is disabled after the second invocation
 doubleIt(bobPort, 35);
-
+
 // Make another invocation for "alice" - this should work as the 
intermediary caches the token
 // even though its STSClient is disabled after the first invocation
 doubleIt(alicePort, 40);
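Review bot: the comment above `doubleIt(alicePort, 40)` says the STSClient is disabled "after the first invocation", while the comment above `doubleIt(bobPort, 35)` says "after the second invocation" and the class Javadoc says "after two invocations". Since this hunk already touches the block for whitespace, suggest aligning the alice comment with the other two so the test documents one consistent cache behaviour.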

http://git-wip-us.apache.org/repos/asf/cxf/blob/3d02791f/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
--
diff --git 
a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
 
b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
index 3748f56..ddd9dd2 100644
--- 
a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
+++ 
b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
@@ -24,7 +24,7 @@
 
 
 
-http://www.example.org/contract/DoubleIt; 
id="doubleittransportsaml1endorsing" 

cxf git commit: Backporting fix for CVE-2017-5656

2017-06-16 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/2.6.x-fixes 72c4194a6 -> f25f4a51b


Backporting fix for CVE-2017-5656


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f25f4a51
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f25f4a51
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f25f4a51

Branch: refs/heads/2.6.x-fixes
Commit: f25f4a51bf0de5255414c233f41ccc35cf00a073
Parents: 72c4194
Author: Colm O hEigeartaigh 
Authored: Fri Jun 16 10:58:11 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 16 10:58:11 2017 +0100

--
 .../IssuedTokenInterceptorProvider.java | 171 ---
 1 file changed, 113 insertions(+), 58 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/f25f4a51/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
index 35fb3aa..25577bb 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
@@ -19,6 +19,8 @@
 
 package org.apache.cxf.ws.security.policy.interceptors;
 
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -27,7 +29,10 @@ import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 
+import org.w3c.dom.CDATASection;
 import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.Text;
 
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.helpers.CastUtils;
@@ -64,36 +69,37 @@ import org.apache.ws.security.message.token.BinarySecurity;
 import org.apache.ws.security.saml.SAMLKeyInfo;
 import org.apache.ws.security.saml.ext.AssertionWrapper;
 import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.utils.Base64;
 
 /**
- * 
+ *
  */
 public class IssuedTokenInterceptorProvider extends 
AbstractPolicyInterceptorProvider {
-
+
 private static final long serialVersionUID = -6936475570762840527L;
-private static final String ASSOCIATED_TOKEN = 
+private static final String ASSOCIATED_TOKEN =
 IssuedTokenInterceptorProvider.class.getName() + "-" + 
"Associated_Token";
 
 public IssuedTokenInterceptorProvider() {
 super(Arrays.asList(SP11Constants.ISSUED_TOKEN, 
SP12Constants.ISSUED_TOKEN));
-
+
 //issued tokens can be attached as a supporting token without
 //any type of binding.  Make sure we can support that.
 this.getOutInterceptors().add(PolicyBasedWSS4JOutInterceptor.INSTANCE);
 
this.getOutFaultInterceptors().add(PolicyBasedWSS4JOutInterceptor.INSTANCE);
 this.getInInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
 
this.getInFaultInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
-
+
 this.getOutInterceptors().add(new IssuedTokenOutInterceptor());
 this.getOutFaultInterceptors().add(new IssuedTokenOutInterceptor());
 this.getInInterceptors().add(new IssuedTokenInInterceptor());
 this.getInFaultInterceptors().add(new IssuedTokenInInterceptor());
 }
-
+
 static final TokenStore createTokenStore(Message message) {
 EndpointInfo info = 
message.getExchange().get(Endpoint.class).getEndpointInfo();
 synchronized (info) {
-TokenStore tokenStore = 
+TokenStore tokenStore =
 
(TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
 if (tokenStore == null) {
 tokenStore = 
(TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
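Review bot: the only functional line in this hunk is the added `import org.apache.xml.security.utils.Base64;`. The other changed lines (the Javadoc ` *`, `ASSOCIATED_TOKEN =`, `TokenStore tokenStore =` and the blank lines in the constructor) differ only in trailing whitespace. For a commit described as a backport of the CVE-2017-5656 fix, suggest dropping the whitespace-only changes so that the lines which actually use the new MessageDigest and Base64 imports are easy to audit and to compare with the fix on the other branches.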
@@ -121,7 +127,7 @@ public class IssuedTokenInterceptorProvider extends 
AbstractPolicyInterceptorPro
 static class IssuedTokenOutInterceptor extends 
AbstractPhaseInterceptor {
 public IssuedTokenOutInterceptor() {
 super(Phase.PREPARE_SEND);
-}
+}
 private static void mapSecurityProps(Message message, Map ctx) {
 for (String s : SecurityConstants.ALL_PROPERTIES) {
 Object v = message.getContextualProperty(s + ".it");
@@ -143,7 +149,7 @@ public class IssuedTokenInterceptorProvider extends 
AbstractPolicyInterceptorPro
 

[2/2] cxf git commit: Fixing merge

2017-06-16 Thread coheigea
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/72c4194a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/72c4194a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/72c4194a

Branch: refs/heads/2.6.x-fixes
Commit: 72c4194a634a40265171b4288927f35dc329c552
Parents: f318ee6
Author: Colm O hEigeartaigh 
Authored: Fri Jun 16 10:21:38 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 16 10:21:38 2017 +0100

--
 .../saml/sso/SAMLSSOResponseValidator.java  |  95 +++---
 .../saml/sso/CombinedValidatorTest.java | 329 ++-
 2 files changed, 305 insertions(+), 119 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/72c4194a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
--
diff --git 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 096468c..0bb1c79 100644
--- 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -36,32 +36,33 @@ import org.opensaml.saml2.core.AuthnStatement;
  * should be validated by the SAMLProtocolResponseValidator first.
  */
 public class SAMLSSOResponseValidator {
-
+
 private static final Logger LOG = 
LogUtils.getL7dLogger(SAMLSSOResponseValidator.class);
-
+
 private String issuerIDP;
 private String assertionConsumerURL;
 private String clientAddress;
 private String requestId;
 private String spIdentifier;
+private boolean enforceResponseSigned;
 private boolean enforceAssertionsSigned = true;
 private boolean enforceKnownIssuer = true;
 private TokenReplayCache replayCache;
-
+
 /**
  * Enforce that Assertions must be signed if the POST binding was used. 
The default is true.
  */
 public void setEnforceAssertionsSigned(boolean enforceAssertionsSigned) {
 this.enforceAssertionsSigned = enforceAssertionsSigned;
 }
-
+
 /**
  * Enforce that the Issuer of the received Response/Assertion is known. 
The default is true.
  */
 public void setEnforceKnownIssuer(boolean enforceKnownIssuer) {
 this.enforceKnownIssuer = enforceKnownIssuer;
 }
-
+
 /**
  * Validate a SAML 2 Protocol Response
  * @param samlResponse
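Review bot: `enforceResponseSigned` is declared without an initializer, so it defaults to false, and no setter or Javadoc for it is visible in this hunk next to `setEnforceAssertionsSigned` and `setEnforceKnownIssuer`, which both document a default of true. Suggest adding a `setEnforceResponseSigned(boolean)` with Javadoc that states the default, so that deployments know the Response signature requirement is opt-in.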
@@ -81,7 +82,7 @@ public class SAMLSSOResponseValidator {
 LOG.fine("The Response must contain at least one Assertion");
 throw new WSSecurityException(WSSecurityException.FAILURE, 
"invalidSAMLsecurity");
 }
-
+
 // The Response must contain a Destination that matches the 
assertionConsumerURL if it is
 // signed
 String destination = samlResponse.getDestination();
@@ -90,9 +91,14 @@ public class SAMLSSOResponseValidator {
 LOG.fine("The Response must contain a destination that matches the 
assertion consumer URL");
 throw new WSSecurityException(WSSecurityException.FAILURE, 
"invalidSAMLsecurity");
 }
-
+
+if (enforceResponseSigned && !samlResponse.isSigned()) {
+LOG.fine("The Response must be signed!");
+throw new WSSecurityException(WSSecurityException.FAILURE, 
"invalidSAMLsecurity");
+}
+
 // Validate Assertions
-org.opensaml.saml.saml2.core.Assertion validAssertion = null;
+org.opensaml.saml2.core.Assertion validAssertion = null;
 Date sessionNotOnOrAfter = null;
 for (org.opensaml.saml2.core.Assertion assertion : 
samlResponse.getAssertions()) {
 // Check the Issuer
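Review bot: the added `enforceResponseSigned && !samlResponse.isSigned()` check tests only that the Response carries a signature, not that the signature verifies. The class comment says the Response should be validated by the SAMLProtocolResponseValidator first, so a short comment at this check stating that signature verification is expected to have happened there would keep a later reader from treating `isSigned()` as proof of integrity.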
@@ -101,13 +107,13 @@ public class SAMLSSOResponseValidator {
 throw new WSSecurityException(WSSecurityException.FAILURE, 
"invalidSAMLsecurity");
 }
 validateIssuer(assertion.getIssuer());
-
+
 if (enforceAssertionsSigned && postBinding && 
assertion.getSignature() == null) {
 LOG.fine("If the HTTP Post binding is used to deliver the 
Response, "
  + "the enclosed assertions must be signed");
 throw new WSSecurityException(WSSecurityException.FAILURE, 
"invalidSAMLsecurity");
 }
-
+
 // Check for AuthnStatements and validate the Subject accordingly
 if (assertion.getAuthnStatements() != null
 && !assertion.getAuthnStatements().isEmpty()) {
@@ 

[1/2] cxf git commit: Adding SAML SSO tests.

2017-06-16 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/2.6.x-fixes 7aa3f2da2 -> 72c4194a6


Adding SAML SSO tests.

Conflicts:

rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f318ee61
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f318ee61
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f318ee61

Branch: refs/heads/2.6.x-fixes
Commit: f318ee614c8cdc6f2c485d42ff2d670d67e6455a
Parents: 7aa3f2d
Author: Colm O hEigeartaigh 
Authored: Thu Jul 30 17:55:32 2015 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 16 10:08:56 2017 +0100

--
 .../saml/sso/SAMLSSOResponseValidator.java  |  15 +-
 .../saml/sso/AbstractSAMLCallbackHandler.java   |   4 +
 .../saml/sso/CombinedValidatorTest.java | 218 +++
 3 files changed, 233 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/f318ee61/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
--
diff --git 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 370a3ce..096468c 100644
--- 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -92,7 +92,7 @@ public class SAMLSSOResponseValidator {
 }
 
 // Validate Assertions
-boolean foundValidSubject = false;
+org.opensaml.saml.saml2.core.Assertion validAssertion = null;
 Date sessionNotOnOrAfter = null;
 for (org.opensaml.saml2.core.Assertion assertion : 
samlResponse.getAssertions()) {
 // Check the Issuer
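Review bot: `validAssertion` is declared as `org.opensaml.saml.saml2.core.Assertion`, but the loop directly below iterates over `org.opensaml.saml2.core.Assertion`, and the later `validAssertion = assertion` assigns one to the other. The two package names differ, so the declaration should use `org.opensaml.saml2.core.Assertion` to match the rest of this file on the 2.6.x branch.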
@@ -114,7 +114,7 @@ public class SAMLSSOResponseValidator {
 org.opensaml.saml2.core.Subject subject = 
assertion.getSubject();
 if (validateAuthenticationSubject(subject, assertion.getID(), 
postBinding)) {
 
validateAudienceRestrictionCondition(assertion.getConditions());
-foundValidSubject = true;
+validAssertion = assertion;
 // Store Session NotOnOrAfter
 for (AuthnStatement authnStatment : 
assertion.getAuthnStatements()) {
 if (authnStatment.getSessionNotOnOrAfter() != null) {
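
Review bot: "validAssertion = assertion;" is reassigned for every assertion that passes validateAuthenticationSubject, so when a response carries several matching assertions the last one silently wins, and nothing in the code or comments says that is intended. Since this reference now decides which assertion is handed back to the caller, either stop at the first match, or reject a response with more than one matching assertion, and say which in a comment. A test with two assertions in one response would pin the behaviour down.
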
@@ -123,10 +123,9 @@ public class SAMLSSOResponseValidator {
 }
 }
 }
-
 }
 
-if (!foundValidSubject) {
+if (validAssertion == null) {
 LOG.fine("The Response did not contain any Authentication 
Statement that matched "
  + "the Subject Confirmation criteria");
 throw new WSSecurityException(WSSecurityException.FAILURE, 
"invalidSAMLsecurity");
@@ -136,8 +135,16 @@ public class SAMLSSOResponseValidator {
 validatorResponse.setResponseId(samlResponse.getID());
 validatorResponse.setSessionNotOnOrAfter(sessionNotOnOrAfter);
 // the assumption for now is that SAMLResponse will contain only a 
single assertion
+<<< HEAD
 Element assertionElement = 
samlResponse.getAssertions().get(0).getDOM();
 
validatorResponse.setAssertion(DOM2Writer.nodeToString(assertionElement.cloneNode(true)));
+===
+Element assertionElement = validAssertion.getDOM();
+Element clonedAssertionElement = 
(Element)assertionElement.cloneNode(true);
+validatorResponse.setAssertionElement(clonedAssertionElement);
+
validatorResponse.setAssertion(DOM2Writer.nodeToString(clonedAssertionElement));
+
+>>> 1c2a530... Adding SAML SSO tests.
 return validatorResponse;
 }
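
Review bot: unresolved merge-conflict markers are committed as added lines in this hunk ("<<< HEAD", "===", ">>> 1c2a530... Adding SAML SSO tests."), so both sides of the conflict are present and the file cannot compile. Resolve to the incoming side, which reads validAssertion.getDOM() and matches what the earlier hunks set up; the HEAD side still uses samlResponse.getAssertions().get(0), which returns the first assertion in the response regardless of which one passed validation. Please also confirm that validatorResponse.setAssertionElement(...) exists on 2.6.x-fixes, and update the "single assertion" comment above, which no longer describes the code once the validated assertion is used.
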
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/f318ee61/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
--
diff --git 
a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
 
b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
index c09d2e3..90e9f9b 100644
--- 
a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
+++ 

cxf git commit: [CXF-7411]ensure tests passed with java9-ea+174

2017-06-16 Thread ffang
Repository: cxf
Updated Branches:
  refs/heads/master 63e100e48 -> 77e0ffed1


[CXF-7411]ensure tests passed with java9-ea+174


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/77e0ffed
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/77e0ffed
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/77e0ffed

Branch: refs/heads/master
Commit: 77e0ffed1a647a159d7b249071de87c049803885
Parents: 63e100e
Author: Freeman Fang 
Authored: Fri Jun 16 14:57:33 2017 +0800
Committer: Freeman Fang 
Committed: Fri Jun 16 14:57:33 2017 +0800

--
 .../cdi/cdi-weld/cdi-producers-weld/pom.xml | 45 +++-
 1 file changed, 44 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/77e0ffed/systests/cdi/cdi-weld/cdi-producers-weld/pom.xml
--
diff --git a/systests/cdi/cdi-weld/cdi-producers-weld/pom.xml 
b/systests/cdi/cdi-weld/cdi-producers-weld/pom.xml
index a626bba..ec5041d 100644
--- a/systests/cdi/cdi-weld/cdi-producers-weld/pom.xml
+++ b/systests/cdi/cdi-weld/cdi-producers-weld/pom.xml
@@ -48,4 +48,47 @@
  abdera-parser
 
 
-
\ No newline at end of file
+ 
+
+
+java9
+
+-ea --patch-module 
java.xml.ws.annotation=${project.basedir}/target/java9/javax.annotation-api-${cxf.javax.annotation-api.version}.jar
 --add-opens java.rmi/sun.rmi.transport=ALL-UNNAMED --add-opens 
java.xml.ws/javax.xml.ws=ALL-UNNAMED --add-opens 
jdk.xml.bind/com.sun.codemodel.internal=ALL-UNNAMED  --add-opens 
jdk.xml.bind/com.sun.tools.internal.xjc.api.impl.s2j=ALL-UNNAMED --add-opens 
java.xml.ws/javax.xml.ws.wsaddressing=ALL-UNNAMED --add-opens 
java.base/java.security=ALL-UNNAMED --add-opens java.base/java.net=ALL-UNNAMED 
--add-opens java.base/java.lang=ALL-UNNAMED --add-opens 
java.base/java.util=ALL-UNNAMED --add-opens 
java.base/java.util.concurrent=ALL-UNNAMED 
--add-exports=java.base/sun.security.util=ALL-UNNAMED 
--add-exports=java.xml/com.sun.org.apache.xerces.internal.impl.xs=ALL-UNNAMED 
--add-exports=java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED 
--add-exports=java.xml/com.sun.org.apache.xerces.internal.impl.xs.util=ALL-
 UNNAMED 
--add-exports=java.xml/com.sun.org.apache.xerces.internal.jaxp=ALL-UNNAMED 
--add-exports=java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED 
--add-exports=java.xml.bind/com.sun.xml.internal.bind.marshaller=ALL-UNNAMED 
--add-exports=java.xml/com.sun.org.apache.xml.internal.resolver=ALL-UNNAMED 
--add-exports=java.xml/com.sun.org.apache.xml.internal.resolver.tools=ALL-UNNAMED
 --add-exports=java.xml.ws/com.sun.xml.internal.messaging.saaj.soap=ALL-UNNAMED 
--add-exports=jdk.xml.bind/com.sun.tools.internal.xjc.api.impl.s2j=ALL-UNNAMED 
--add-exports=jdk.xml.bind/com.sun.tools.internal.xjc=ALL-UNNAMED 
--add-exports=jdk.xml.bind/com.sun.tools.internal.xjc.api=ALL-UNNAMED 
--add-exports=jdk.xml.bind/com.sun.codemodel.internal=ALL-UNNAMED 
--add-exports=jdk.xml.bind/com.sun.codemodel.internal.writer=ALL-UNNAMED 
--add-exports=java.xml.ws.annotation/javax.annotation.security=ALL-UNNAMED 
--add-modules 
java.activation,java.xml.bind,java.xml.ws,jdk.xml.bind
+-ea --patch-module 
java.xml.ws.annotation=${project.basedir}/target/java9/javax.annotation-api-${cxf.javax.annotation-api.version}.jar
 --add-opens java.rmi/sun.rmi.transport=ALL-UNNAMED --add-opens 
java.xml.ws/javax.xml.ws=ALL-UNNAMED --add-opens 
jdk.xml.bind/com.sun.codemodel.internal=ALL-UNNAMED  --add-opens 
jdk.xml.bind/com.sun.tools.internal.xjc.api.impl.s2j=ALL-UNNAMED --add-opens 
java.xml.ws/javax.xml.ws.wsaddressing=ALL-UNNAMED --add-opens 
java.base/java.security=ALL-UNNAMED --add-opens java.base/java.net=ALL-UNNAMED 
--add-opens java.base/java.lang=ALL-UNNAMED --add-opens 
java.base/java.util=ALL-UNNAMED --add-opens 
java.base/java.util.concurrent=ALL-UNNAMED 
--add-exports=java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED 
--add-exports=java.base/sun.security.util=ALL-UNNAMED 
--add-exports=java.xml/com.sun.org.apache.xerces.internal.impl.xs=ALL-UNNAMED 
--add-exports=java.xml/com.sun.org.apache.xerces.internal.impl.xs.util=AL
 L-UNNAMED 
--add-exports=java.xml/com.sun.org.apache.xerces.internal.jaxp=ALL-UNNAMED 
--add-exports=java.xml.bind/com.sun.xml.internal.bind.marshaller=ALL-UNNAMED 
--add-exports=java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED 
--add-exports=java.xml/com.sun.org.apache.xml.internal.resolver=ALL-UNNAMED 
--add-exports=java.xml/com.sun.org.apache.xml.internal.resolver.tools=ALL-UNNAMED
 --add-exports=java.xml.ws/com.sun.xml.internal.messaging.saaj.soap=ALL-UNNAMED