[2/3] cxf git commit: CXF-7314 - Custom BinarySecurityTokens are not used to set up the security context
CXF-7314 - Custom BinarySecurityTokens are not used to set up the security context # Conflicts: # rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c799670d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c799670d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c799670d Branch: refs/heads/3.1.x-fixes Commit: c799670d4bca30c7a1b316b378c8bfce90a7eeb7 Parents: e2fd915 Author: Colm O hEigeartaighAuthored: Tue Apr 4 11:24:57 2017 +0100 Committer: Colm O hEigeartaigh Committed: Tue Apr 4 12:05:45 2017 +0100 -- .../DefaultWSS4JSecurityContextCreator.java | 29 +++- 1 file changed, 28 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/c799670d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java --
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
index 7855d0e..2cbebd7 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
@@ -40,10 +40,11 @@ import org.apache.cxf.rt.security.utils.SecurityUtils; import org.apache.cxf.security.SecurityContext; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.wss4j.common.saml.SamlAssertionWrapper; +import org.apache.wss4j.common.token.PKIPathSecurity; +import org.apache.wss4j.common.token.X509Security; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.engine.WSSecurityEngineResult; import org.apache.wss4j.dom.handler.WSHandlerResult; -import org.apache.wss4j.dom.message.token.KerberosSecurity; /** * The default implementation to create a SecurityContext from a set of WSS4J processing results. @@ -93,6 +94,7 @@ public class DefaultWSS4JSecurityContextCreator implements WSS4JSecurityContextC List foundResults = actionResults.get(resultPriority); if (foundResults != null && !foundResults.isEmpty()) { for (WSSecurityEngineResult result : foundResults) { +<<< HEAD final Object binarySecurity = result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN); PublicKey publickey = (PublicKey)result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY); 
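Review bot: The second hunk here adds a literal `<<< HEAD` line inside the `for (WSSecurityEngineResult result : foundResults)` loop, and the following hunk (`@@ -107,12 +109,37 @@`) adds `===` and `>>> d1b8ff6...` lines twice more, so this backport to 3.1.x-fixes commits an unresolved cherry-pick conflict and the class cannot compile as shown. Both sides of the conflict are kept: the HEAD-side lines that read `binarySecurity` and `publickey` inline stay next to the new `if (!skipResult(resultPriority, result))` block. The first hunk also drops the `KerberosSecurity` import; if the HEAD-side condition between the two hunks (not visible here) still tests `instanceof KerberosSecurity`, as the master version of this loop did, that reference is left dangling. Resolve by deleting the marker lines and the HEAD-side body so that only the `skipResult` path remains, and compile the branch before pushing, since this class decides which WS-Security result becomes the request's SecurityContext.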
@@ -107,12 +109,37 @@ public class DefaultWSS4JSecurityContextCreator implements WSS4JSecurityContextC if (context != null) { msg.put(SecurityContext.class, context); return; +=== + +if (!skipResult(resultPriority, result)) { +SecurityContext context = createSecurityContext(msg, useJAASSubject, result); +if (context != null) { +msg.put(SecurityContext.class, context); +return; +} +>>> d1b8ff6... CXF-7314 - Custom BinarySecurityTokens are not used to set up the security context } } } } } +<<< HEAD +=== + +private boolean skipResult(Integer resultPriority, WSSecurityEngineResult result) { +Object binarySecurity = result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN); +PublicKey publickey = +(PublicKey)result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY); +X509Certificate cert = + (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE); + +return resultPriority == WSConstants.BST +&& (binarySecurity instanceof X509Security || binarySecurity instanceof PKIPathSecurity) +|| resultPriority == WSConstants.SIGN && publickey == null && cert == null; +} + +>>> d1b8ff6... CXF-7314 - Custom BinarySecurityTokens are not used to set up the security context protected SecurityContext createSecurityContext( SoapMessage msg, boolean useJAASSubject, WSSecurityEngineResult wsResult ) {
cxf git commit: CXF-7314 - Custom BinarySecurityTokens are not used to set up the security context
Repository: cxf Updated Branches: refs/heads/master b77e43f19 -> d1b8ff637 CXF-7314 - Custom BinarySecurityTokens are not used to set up the security context Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d1b8ff63 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d1b8ff63 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d1b8ff63 Branch: refs/heads/master Commit: d1b8ff6374a0729752948213b7a0cdb7427085d1 Parents: b77e43f Author: Colm O hEigeartaighAuthored: Tue Apr 4 11:24:57 2017 +0100 Committer: Colm O hEigeartaigh Committed: Tue Apr 4 11:24:57 2017 +0100 -- .../DefaultWSS4JSecurityContextCreator.java | 36 1 file changed, 21 insertions(+), 15 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/d1b8ff63/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java --
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
index 77708f5..a6fa8ef 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
@@ -40,10 +40,11 @@ import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.token.PKIPathSecurity;
+import org.apache.wss4j.common.token.X509Security;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
 import org.apache.wss4j.dom.handler.WSHandlerResult;
-import org.apache.wss4j.dom.message.token.KerberosSecurity;
 /**
 * The default implementation to create a SecurityContext from a set of WSS4J processing results.
@@ -94,26 +95,31 @@ public class DefaultWSS4JSecurityContextCreator implements WSS4JSecurityContextC List foundResults = actionResults.get(resultPriority); if (foundResults != null && !foundResults.isEmpty()) { for (WSSecurityEngineResult result : foundResults) { -final Object binarySecurity = result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN); -PublicKey publickey = - (PublicKey)result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY); -X509Certificate cert = - (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE); - -if ((resultPriority == WSConstants.BST && !(binarySecurity instanceof KerberosSecurity)) -|| (resultPriority == WSConstants.SIGN && publickey == null && cert == null)) { -continue; -} -SecurityContext context = createSecurityContext(msg, useJAASSubject, result); -if (context != null) { -msg.put(SecurityContext.class, context); -return; + +if (!skipResult(resultPriority, result)) { +SecurityContext context = createSecurityContext(msg, useJAASSubject, result); +if (context != null) { +msg.put(SecurityContext.class, context); +return; +} } } } } } +private boolean skipResult(Integer resultPriority, WSSecurityEngineResult result) { +Object binarySecurity = result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN); +PublicKey publickey = +(PublicKey)result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY); +X509Certificate cert = + (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE); + +return resultPriority == WSConstants.BST +&& (binarySecurity instanceof X509Security || binarySecurity instanceof PKIPathSecurity) +|| resultPriority == WSConstants.SIGN && publickey == null && cert == null; +} + protected SecurityContext createSecurityContext( SoapMessage msg, boolean useJAASSubject, WSSecurityEngineResult wsResult ) {
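Review bot: `skipResult` turns the BST rule from an allow-list (only `KerberosSecurity` results were used) into a deny-list that skips just `X509Security` and `PKIPathSecurity`, so any other token type found under `WSConstants.BST` now reaches `createSecurityContext`, and nothing in the new code states what makes that safe. A Javadoc on `skipResult` should say that X.509 and PKIPath tokens are skipped because they only carry key material (presumably the signature result supplies the principal), and that a custom BinarySecurityToken is trusted here only after its validator has accepted it and set a principal. The return expression also leans on `&&` binding tighter than `||`; writing it as `return (resultPriority == WSConstants.BST && (binarySecurity instanceof X509Security || binarySecurity instanceof PKIPathSecurity)) || (resultPriority == WSConstants.SIGN && publickey == null && cert == null);` keeps the two skip rules visibly separate. `createSecurityContext` continues past the end of the hunk, so whether it returns null for a result without a principal cannot be confirmed from here.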