ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1528513 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/saml/ ws-security-stax/src/main/java/org/apache/wss4j/stax/ ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/
Date Wed, 02 Oct 2013 15:09:30 GMT
Author: coheigea
Date: Wed Oct  2 15:09:29 2013
New Revision: 1528513

URL: http://svn.apache.org/r1528513
Log:
Some bug fixes surrounding streaming UsernameTokens without passwords

Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java?rev=1528513&r1=1528512&r2=1528513&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
Wed Oct  2 15:09:29 2013
@@ -834,7 +834,7 @@ public class SamlAssertionWrapper {
     ) throws WSSecurityException {
         samlVersion = samlCallback.getSamlVersion();
         if (samlVersion == null) {
-            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSAMLVersion");
+            samlVersion = SAMLVersion.VERSION_20;
         }
         String issuer = samlCallback.getIssuer();
         

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java?rev=1528513&r1=1528512&r2=1528513&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
Wed Oct  2 15:09:29 2013
@@ -165,7 +165,8 @@ public class WSSec {
                 if (securityProperties.getTokenUser() == null) {
                     throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"noTokenUser");
                 }
-                if (securityProperties.getCallbackHandler() == null) {
+                if (securityProperties.getCallbackHandler() == null
+                    && WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE != securityProperties.getUsernameTokenPasswordType())
{
                     throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"noCallback");
                 }
                 if (securityProperties.getUsernameTokenPasswordType() == null) {

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java?rev=1528513&r1=1528512&r2=1528513&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
Wed Oct  2 15:09:29 2013
@@ -34,9 +34,11 @@ import org.apache.xml.security.stax.impl
 import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
 import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 
+import javax.security.auth.callback.CallbackHandler;
 import javax.xml.datatype.XMLGregorianCalendar;
 import javax.xml.namespace.QName;
 import javax.xml.stream.XMLStreamException;
+
 import java.util.ArrayList;
 import java.util.GregorianCalendar;
 import java.util.List;
@@ -54,12 +56,22 @@ public class UsernameTokenOutputProcesso
     public void processEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outputProcessorChain)
throws XMLStreamException, XMLSecurityException {
 
         try {
-            WSPasswordCallback pwCb = new WSPasswordCallback(((WSSSecurityProperties) getSecurityProperties()).getTokenUser(),
WSPasswordCallback.Usage.USERNAME_TOKEN);
-            WSSUtils.doPasswordCallback(((WSSSecurityProperties)getSecurityProperties()).getCallbackHandler(),
pwCb);
-            String password = pwCb.getPassword();
+            CallbackHandler callbackHandler = ((WSSSecurityProperties)getSecurityProperties()).getCallbackHandler();
             WSSConstants.UsernameTokenPasswordType usernameTokenPasswordType = ((WSSSecurityProperties)
getSecurityProperties()).getUsernameTokenPasswordType();
+            
+            if (callbackHandler == null 
+                && WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE != usernameTokenPasswordType)
{
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCallback");
+            }
+            
+            String password = null;
+            if (callbackHandler != null) {
+                WSPasswordCallback pwCb = new WSPasswordCallback(((WSSSecurityProperties)
getSecurityProperties()).getTokenUser(), WSPasswordCallback.Usage.USERNAME_TOKEN);
+                WSSUtils.doPasswordCallback(callbackHandler, pwCb);
+                password = pwCb.getPassword();
+            }
 
-            if (password == null && usernameTokenPasswordType != null) {
+            if (password == null && WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE
!= usernameTokenPasswordType) {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
             }
             



Mime
View raw message