CXF-7314 - Custom BinarySecurityTokens are not used to set up the security context
# Conflicts: # rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c799670d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c799670d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c799670d Branch: refs/heads/3.1.x-fixes Commit: c799670d4bca30c7a1b316b378c8bfce90a7eeb7 Parents: e2fd915 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Tue Apr 4 11:24:57 2017 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Tue Apr 4 12:05:45 2017 +0100 ---------------------------------------------------------------------- .../DefaultWSS4JSecurityContextCreator.java | 29 +++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/c799670d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
index 7855d0e..2cbebd7 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
@@ -40,10 +40,11 @@ import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.token.PKIPathSecurity;
+import org.apache.wss4j.common.token.X509Security;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
 import org.apache.wss4j.dom.handler.WSHandlerResult;
-import org.apache.wss4j.dom.message.token.KerberosSecurity;
 /**
 * The default implementation to create a SecurityContext from a set of WSS4J processing results.
@@ -93,6 +94,7 @@ public class DefaultWSS4JSecurityContextCreator implements WSS4JSecurityContextC
 List<WSSecurityEngineResult> foundResults = actionResults.get(resultPriority);
 if (foundResults != null && !foundResults.isEmpty()) {
 for (WSSecurityEngineResult result : foundResults) {
+<<<<<<< HEAD
 final Object binarySecurity = result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
 PublicKey publickey = (PublicKey)result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
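Review bot: The added `+<<<<<<< HEAD` line inside the `for (WSSecurityEngineResult result : foundResults)` loop is an unresolved merge-conflict marker, and the following hunk (`@@ -107,12 +109,37 @@`) adds the matching `=======` and `>>>>>>> d1b8ff6...` lines in two places, so the file as committed cannot compile. The conflict named under `# Conflicts:` in the commit message still has to be resolved: keep one version of the loop body (the cherry-picked `if (!skipResult(resultPriority, result))` form appears to be the intended one) and delete every marker line. The import hunk also drops `KerberosSecurity`; if the HEAD-side loop body between the two hunks, which is not visible here, still refers to that type, that is a second compile failure to check once the markers are gone. Because this is the class that derives the SecurityContext principal from WS-Security results, the resolved file should be rebuilt and the security-context tests rerun on 3.1.x-fixes before release. The loop body continues outside this hunk.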
@@ -107,12 +109,37 @@ public class DefaultWSS4JSecurityContextCreator implements WSS4JSecurityContextC
 if (context != null) {
 msg.put(SecurityContext.class, context);
 return;
+=======
+
+ if (!skipResult(resultPriority, result)) {
+ SecurityContext context = createSecurityContext(msg, useJAASSubject, result);
+ if (context != null) {
+ msg.put(SecurityContext.class, context);
+ return;
+ }
+>>>>>>> d1b8ff6... CXF-7314 - Custom BinarySecurityTokens are not used to set up the security context
 }
 }
 }
 }
 }
+<<<<<<< HEAD
+=======
+
+ private boolean skipResult(Integer resultPriority, WSSecurityEngineResult result) {
+ Object binarySecurity = result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
+ PublicKey publickey =
+ (PublicKey)result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
+ X509Certificate cert =
+ (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+
+ return resultPriority == WSConstants.BST
+ && (binarySecurity instanceof X509Security || binarySecurity instanceof PKIPathSecurity)
+ || resultPriority == WSConstants.SIGN && publickey == null && cert == null;
+ }
+
+>>>>>>> d1b8ff6... CXF-7314 - Custom BinarySecurityTokens are not used to set up the security context
 protected SecurityContext createSecurityContext(
 SoapMessage msg, boolean useJAASSubject, WSSecurityEngineResult wsResult
 ) {
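Review bot: `skipResult` excludes only `X509Security` and `PKIPathSecurity` tokens in the `WSConstants.BST` branch, so any other BinarySecurityToken type can now reach `createSecurityContext` and become the source of the principal. The removed `KerberosSecurity` import suggests the previous check was an allow-list, although the old condition is not visible in this hunk. That is only sound if each such token was already accepted by a configured validator before it reached the results list, and the method should say so, e.g. `/** Skips X.509/PKIPath BSTs and signature results that carry neither a public key nor a certificate; every other result is assumed to have been validated during WSS4J processing. */`. The return expression also mixes `&&` and `||` with no grouping; wrapping each alternative, as in `return (resultPriority == WSConstants.BST && (...)) || (resultPriority == WSConstants.SIGN && publickey == null && cert == null);`, keeps the behaviour and makes the intended precedence explicit for the next reader of this authorization-relevant check. A test covering a custom BST type alongside an X.509 BST in the same message would pin which result wins.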