Merge pull request #13 from bill-looby/samples-fixes

Fix all issues with the rampart-samples
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
index eafea0c..a06a0ac 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@ -273,10 +273,13 @@
 
             boolean encrDataFound = false;
             for (WSSecurityEngineResult result : list) {
-                ArrayList dataRefURIs = (ArrayList) result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
-                if (dataRefURIs != null && dataRefURIs.size() != 0) {
-                    encrDataFound = true;
-                }
+            	Object resultElement = result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+            	if (resultElement instanceof ArrayList) {
+	                ArrayList dataRefURIs = (ArrayList) resultElement;
+	                if (dataRefURIs != null && dataRefURIs.size() != 0) {
+	                    encrDataFound = true;
+	                }
+            	}
             }
             //TODO check whether the encrptedDataFound is an UsernameToken
             if(encrDataFound && !isUsernameTokenPresent(data)) {
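Review bot: The `instanceof ArrayList` guard makes this validator treat any other `List` implementation stored under `TAG_DATA_REF_URIS` as "no encrypted data", so `encrDataFound` silently stays false where the old cast would have failed loudly. Because the flag feeds the policy check on the next line, test the interface instead (assuming `java.util.List` is imported in this file): `if (resultElement instanceof List && !((List<?>) resultElement).isEmpty()) { encrDataFound = true; }`. The inner `dataRefURIs != null` test is redundant after `instanceof`, and the added lines mix tabs with the file's spaces. The enclosing method starts and ends outside the hunk.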
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
index e240c48..8881b7c 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
@@ -26,6 +26,7 @@
 import org.apache.commons.logging.LogFactory;
 import org.apache.rahas.Token;
 import org.apache.rahas.TokenStorage;
+import org.apache.rahas.TrustException;
 import org.apache.rampart.policy.RampartPolicyData;
 import org.apache.rampart.policy.model.KerberosConfig;
 import org.apache.rampart.policy.model.RampartConfig;
@@ -243,34 +244,19 @@
 
 		Crypto signatureCrypto = RampartUtil.getSignatureCrypto(rpd.getRampartConfig(), 
                 msgCtx.getAxisService().getClassLoader());
-                TokenCallbackHandler tokenCallbackHandler = new TokenCallbackHandler(rmd.getTokenStorage(), RampartUtil.getPasswordCB(rmd));
-                if(rpd.isSymmetricBinding()) {
-                    //Here we have to create the CB handler to get the tokens from the 
-                    //token storage
-                    log.debug("Processing security header using SymetricBinding");
-                    requestData.setEncodePasswords(true);
-                    requestData.setCallbackHandler(tokenCallbackHandler);
-                    requestData.setSigVerCrypto(signatureCrypto);
-                    requestData.setActor(actorValue);
-                    requestData.setDecCrypto(RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), msgCtx.getAxisService().getClassLoader()));
+        TokenCallbackHandler tokenCallbackHandler = new TokenCallbackHandler(rmd.getTokenStorage(), RampartUtil.getPasswordCB(rmd));
+                
+        Crypto decCrypto = RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), msgCtx.getAxisService().getClassLoader());
+        WSHandlerResult result = processSecurityHeaderWithRSA15(engine, rmd, engine.getWssConfig(), actorValue,
+                tokenCallbackHandler, signatureCrypto, decCrypto);
+        results = result.getResults();
 
-                    WSHandlerResult result = engine.processSecurityHeader(rmd.getDocument(), requestData); 
-                    results = result.getResults();
-            // Removcryption tokens if this is the initiator and if initiator is receiving a message
-
-                    if (rmd.isInitiator() && (msgCtx.getFLOW() == MessageContext.IN_FLOW ||
-                            msgCtx.getFLOW() == MessageContext.IN_FAULT_FLOW)) {
-                        tokenCallbackHandler.removeEncryptedToken();
-                    }
-
-                } else {
-
-                    log.debug("Processing security header in normal path");
-                    Crypto decCrypto = RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), msgCtx.getAxisService().getClassLoader());
-                    WSHandlerResult result = processSecurityHeaderWithRSA15(engine, rmd, engine.getWssConfig(), actorValue,
-                        tokenCallbackHandler, signatureCrypto, decCrypto);
-                    results = result.getResults();
-		}
+        if(rpd.isSymmetricBinding()) {
+            if (rmd.isInitiator() && (msgCtx.getFLOW() == MessageContext.IN_FLOW ||
+                msgCtx.getFLOW() == MessageContext.IN_FAULT_FLOW)) {
+            tokenCallbackHandler.removeEncryptedToken();
+            }   
+        }
 
 		if(dotDebug){
 			t1 = System.currentTimeMillis();
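Review bot: With the `isSymmetricBinding()` branch removed, symmetric-binding messages now go through `processSecurityHeaderWithRSA15`, which (per the next hunk of this file) allows RSA 1.5 key transport and disables SAML subject-confirmation validation; the old symmetric path set neither flag and used `setEncodePasswords(true)`. RSA 1.5 key transport is off by default in WSS4J because of its exposure to padding-oracle attacks, so widening where it is accepted should be an explicit, configurable decision, ideally read from `RampartConfig`. At minimum, record it at the call with `// NOTE: symmetric binding now shares the relaxed RequestData built in processSecurityHeaderWithRSA15`. The two `log.debug` lines that showed which path ran are gone, and `tokenCallbackHandler.removeEncryptedToken();` is indented at the level of its enclosing `if`. The method begins and ends outside the hunk.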
@@ -408,12 +394,13 @@
                 throws WSSecurityException {
     
         RequestData data = new RequestData();
-        data.setWssConfig(config);
+        data.setEncodePasswords(false);
         data.setActor(actor);
         data.setDecCrypto(decCrypto);
         data.setSigVerCrypto(sigCrypto);
         data.setCallbackHandler(cb);
-        data.setAllowRSA15KeyTransportAlgorithm(true);
+        data.setAllowRSA15KeyTransportAlgorithm(true); // backward compatibility
+        data.setValidateSamlSubjectConfirmation(false); // backward compatibility
 
         return engine.processSecurityHeader(rmd.getDocument(), data);
     }
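Review bot: `data.setValidateSamlSubjectConfirmation(false)` disables subject-confirmation checks on received SAML assertions for every caller of this helper, with only "backward compatibility" as justification. This should default to validation on and be relaxed only through an explicit configuration option, with a comment such as `// SECURITY: subject confirmation is not validated here; enable once all peers send confirmable assertions`. Removing `data.setWssConfig(config)` also appears to leave the `config` parameter unused, since the caller still passes `engine.getWssConfig()`. Either keep the call or confirm that the engine applies its own config, then drop the parameter. Most of the method signature is above the hunk.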
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
index e96be0a..274a933 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
@@ -790,6 +790,7 @@
 
         List<WSHandlerResult> results
                 = (List<WSHandlerResult>)rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+
         /*
          * loop over all results gathered by all handlers in the chain. For each
          * handler result get the various actions. After that loop we have all
@@ -799,9 +800,17 @@
         for (Object result : results) {
             WSHandlerResult wshResult = (WSHandlerResult) result;
 
-            signatureActions.addAll(wshResult.getActionResults().get(WSConstants.SIGN));
-            signatureActions.addAll(wshResult.getActionResults().get(WSConstants.ST_SIGNED));
-            signatureActions.addAll(wshResult.getActionResults().get(WSConstants.UT_SIGN));
+            if (null != wshResult.getActionResults()) {
+            	if (null != wshResult.getActionResults().get(WSConstants.SIGN)) {
+            		signatureActions.addAll(wshResult.getActionResults().get(WSConstants.SIGN));
+            	}
+            	if (null != wshResult.getActionResults().get(WSConstants.ST_SIGNED)) {
+            		signatureActions.addAll(wshResult.getActionResults().get(WSConstants.ST_SIGNED));
+            	}
+            	if (null != wshResult.getActionResults().get(WSConstants.UT_SIGN)) {
+            		signatureActions.addAll(wshResult.getActionResults().get(WSConstants.UT_SIGN));
+            	}
+            }
         }
         
         // prepare a SignatureConfirmation token
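Review bot: The null guards inside the `for` loop call `wshResult.getActionResults()` up to seven times and look each key up twice, which hides the simple intent of collecting three action types. Fetching the map once and looping over the three constants removes the duplication and the tab/space mix in the added lines. The element type in the sketch below is inferred from the `RampartReceiver` change in this commit, so adjust it to whatever `signatureActions` is declared as above the hunk. `results` itself comes from `getProperty(...)` and is not null-checked in the visible lines.

```java
for (Object result : results) {
    WSHandlerResult wshResult = (WSHandlerResult) result;

    Map<Integer, List<WSSecurityEngineResult>> actionResults = wshResult.getActionResults();
    if (actionResults == null) {
        continue;
    }
    for (int action : new int[] {WSConstants.SIGN, WSConstants.ST_SIGNED, WSConstants.UT_SIGN}) {
        List<WSSecurityEngineResult> found = actionResults.get(action);
        if (found != null) {
            signatureActions.addAll(found);
        }
    }
}
```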
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
index 3ad8d0a..b36ef39 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
@@ -720,7 +720,8 @@
             
             // Set the SHA1 value of the encrypted key, this is used when the encrypted
             // key is referenced via a key identifier of type EncryptedKeySHA1
-            tempTok.setSHA1(getSHA1(encrKey.getEncryptedKeySHA1().getBytes()));
+            //tempTok.setSHA1(getSHA1(encrKey.getEncryptedKeySHA1().getBytes()));
+            tempTok.setSHA1(encrKey.getEncryptedKeySHA1());
             
             rmd.getTokenStorage().add(tempTok);
             
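Review bot: The superseded call is left as commented-out code directly above the new `tempTok.setSHA1(...)` line. Delete it (history keeps the old form) and state the reason in the existing comment, e.g. `// getEncryptedKeySHA1() already returns the encoded SHA-1 of the encrypted key; do not hash it again`. That rationale is inferred from the change rather than visible here, so confirm it against the WSS4J version in use. If `getSHA1(...)` has no remaining callers in this class, it can be removed as well.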
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
index f082a01..3b8d0a4 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
@@ -40,8 +40,11 @@
 import org.apache.wss4j.dom.handler.WSHandlerResult;
 
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.Iterator;
+import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 
 import javax.xml.namespace.QName;
 
@@ -109,7 +112,7 @@
             results = new ArrayList<WSHandlerResult>();
             msgContext.setProperty(WSHandlerConstants.RECV_RESULTS, results);
         }
-        WSHandlerResult rResult = new WSHandlerResult("", wsResult, null);
+        WSHandlerResult rResult = new WSHandlerResult("", wsResult, filterActionResults(wsResult));
         results.add(0, rResult);
         
         SOAPHeader header = null;
@@ -141,7 +144,23 @@
         return InvocationResponse.CONTINUE;        
 
     }
-
+    
+    private  Map<Integer, List<WSSecurityEngineResult>> filterActionResults( List<WSSecurityEngineResult> results) {
+    	Map<Integer, List<WSSecurityEngineResult>> actionResultsMap = new HashMap();
+    	
+        for (WSSecurityEngineResult result : results) {
+            Integer resultTag = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
+            if (null != resultTag) {
+            	List<WSSecurityEngineResult> actionResults = actionResultsMap.get(resultTag);
+            	if (null == actionResults) {
+            		actionResults = new ArrayList<>();
+            		actionResultsMap.put(resultTag, actionResults);
+            	}
+            	actionResults.add(result);
+            }
+        }
+    	return actionResultsMap;
+    }
     
     public HandlerDescription getHandlerDesc() {
         return this.handlerDesc;
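Review bot: `filterActionResults` builds its map with the raw type `new HashMap()`, which compiles with an unchecked warning, and its name says "filter" although it groups results by `TAG_ACTION`. Use `new HashMap<>()` and replace the get/null-check/put sequence with `actionResultsMap.computeIfAbsent(resultTag, k -> new ArrayList<>()).add(result);`. The method reads no instance state, so it can be `private static`, and a short Javadoc should say that results without an action tag are dropped. `java.util.LinkedList` is imported by this commit but not used in any visible hunk. The helper also dereferences `results` without a null check, so confirm that `wsResult` cannot be null at the call site.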
diff --git a/modules/rampart-extensions/jpam-callback-handler/src/main/java/org/apache/rampart/extensions/jpam/JPAMCallbackHandler.java b/modules/rampart-extensions/jpam-callback-handler/src/main/java/org/apache/rampart/extensions/jpam/JPAMCallbackHandler.java
index f42ca7b..268adb7 100644
--- a/modules/rampart-extensions/jpam-callback-handler/src/main/java/org/apache/rampart/extensions/jpam/JPAMCallbackHandler.java
+++ b/modules/rampart-extensions/jpam-callback-handler/src/main/java/org/apache/rampart/extensions/jpam/JPAMCallbackHandler.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-import org.apache.ws.security.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -32,7 +32,7 @@
         for (int i = 0; i < callbacks.length; i++) {
             // When the server side need to authenticate the user
             WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
-            if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+            if (pwcb.getUsage() == WSPasswordCallback.UNKNOWN) {
                 Pam pam = new Pam();
                 PamReturnValue ret = pam.authenticate(pwcb.getIdentifer(), pwcb
                         .getPassword());
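Review bot: The context line `pam.authenticate(pwcb.getIdentifer(), ...)` still uses the misspelled accessor, while every other handler in this commit calls `getIdentifier()`. With the import moved to `org.apache.wss4j.common.ext.WSPasswordCallback`, the misspelled method likely no longer exists, so change it to `pwcb.getIdentifier()`. Separately, the `USERNAME_TOKEN_UNKNOWN` to `UNKNOWN` swap here and in the sample-tomcat, sample01 and test `PWCallback` hunks assumes the library still invokes the handler with that usage when it wants the handler to verify the password. If it never does, the authentication branch is dead code and the password check moves elsewhere, so confirm this against the WSS4J version in use. The method body continues outside the hunk.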
diff --git a/modules/rampart-samples/policy/build.xml b/modules/rampart-samples/policy/build.xml
index e9f6dea..ec42927 100644
--- a/modules/rampart-samples/policy/build.xml
+++ b/modules/rampart-samples/policy/build.xml
@@ -202,7 +202,7 @@
                     <arg value="${service.repos.dir}/sample@{sample.number}"/>
                     <arg value="-p${server.port}"/>
                     <classpath refid="runtime.classpath"/>
-                    <jvmarg line="-Djava.endorsed.dirs=${endorsed.dir} ${vmargs}"/>
+                    <jvmarg line="${vmargs}"/>
             </java>
 
 	   </sequential>
@@ -266,7 +266,7 @@
                     <arg value="${service.repos.dir}/sample@{sample.number}"/>
                     <arg value="-p${server.port}"/>
                     <classpath refid="runtime.classpath"/>
-                    <jvmarg line="-Djava.endorsed.dirs=${endorsed.dir} ${vmargs}"/>
+                    <jvmarg line="${vmargs}"/>
             </java>
 
        </sequential>
diff --git a/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/Client.java b/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/Client.java
index 2bc3ecb..0d68d76 100644
--- a/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/Client.java
+++ b/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/Client.java
@@ -16,6 +16,7 @@
 
 package org.apache.rampart.tomcat.sample;
 
+import java.io.FileInputStream;
 import java.util.Iterator;
 import java.util.List;
 
@@ -23,7 +24,8 @@
 import org.apache.axiom.om.OMElement;
 import org.apache.axiom.om.OMFactory;
 import org.apache.axiom.om.OMNamespace;
-import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.om.OMXMLBuilderFactory;
+import org.apache.axiom.om.OMXMLParserWrapper;
 import org.apache.axis2.addressing.EndpointReference;
 import org.apache.axis2.client.Options;
 import org.apache.axis2.client.ServiceClient;
@@ -61,7 +63,7 @@
     }
 
     private static Policy loadPolicy(String xmlPath) throws Exception {
-        StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+        OMXMLParserWrapper builder = OMXMLBuilderFactory.createOMBuilder(new FileInputStream(xmlPath));
         OMElement elem = builder.getDocumentElement();
         return PolicyEngine.getPolicy(builder.getDocumentElement());
     }
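Review bot: `loadPolicy` now opens a `FileInputStream` that is never closed, so the file handle leaks on every call. The local `elem` is also unused, because `getDocumentElement()` is called a second time in the `return`. Wrap the stream and build the policy inside the block: `try (FileInputStream in = new FileInputStream(xmlPath)) { return PolicyEngine.getPolicy(OMXMLBuilderFactory.createOMBuilder(in).getDocumentElement()); }`. Keeping the `getPolicy` call inside the `try` matters if the builder parses lazily.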
diff --git a/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/PWCBHandler.java b/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/PWCBHandler.java
index 79b71a6..3cf5d47 100644
--- a/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/PWCBHandler.java
+++ b/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/PWCBHandler.java
@@ -16,7 +16,7 @@
 
 package org.apache.rampart.tomcat.sample;
 
-import org.apache.ws.security.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -32,7 +32,7 @@
             
             //When the server side need to authenticate the user
             WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
-            if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+            if (pwcb.getUsage() == WSPasswordCallback.UNKNOWN) {
                 if(pwcb.getIdentifier().equals("alice") && pwcb.getPassword().equals("bobPW")) {
                     return;
                 } else {
diff --git a/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/PWCBHandler.java b/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/PWCBHandler.java
index 9840924..f3e6640 100644
--- a/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/PWCBHandler.java
+++ b/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/PWCBHandler.java
@@ -16,7 +16,7 @@
 
 package org.apache.rampart.samples.policy.sample01;
 
-import org.apache.ws.security.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -32,7 +32,7 @@
             
             //When the server side need to authenticate the user
             WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
-            if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+            if (pwcb.getUsage() == WSPasswordCallback.UNKNOWN) {
                 if(pwcb.getIdentifier().equals("alice") && pwcb.getPassword().equals("bobPW")) {
                     return;
                 } else {
diff --git a/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/PWCBHandler.java b/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/PWCBHandler.java
index 782017f..bca1341 100644
--- a/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/PWCBHandler.java
+++ b/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/PWCBHandler.java
@@ -16,7 +16,7 @@
 
 package org.apache.rampart.samples.policy.sample02;
 
-import org.apache.ws.security.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
diff --git a/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/PWCBHandler.java b/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/PWCBHandler.java
index c6d6d30..7426fa7 100644
--- a/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/PWCBHandler.java
+++ b/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/PWCBHandler.java
@@ -16,7 +16,7 @@
 
 package org.apache.rampart.samples.policy.sample03;
 
-import org.apache.ws.security.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
diff --git a/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/PWCBHandler.java b/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/PWCBHandler.java
index 2820d3d..ee1d439 100644
--- a/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/PWCBHandler.java
+++ b/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/PWCBHandler.java
@@ -16,7 +16,7 @@
 
 package org.apache.rampart.samples.policy.sample04;
 
-import org.apache.ws.security.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
diff --git a/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java b/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
index abaf622..a40f96b 100644
--- a/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
+++ b/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
@@ -36,7 +36,7 @@
 import org.apache.rahas.client.STSClient;
 import org.apache.rampart.RampartMessageData;
 import org.apache.ws.secpolicy.SP11Constants;
-import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml.common.xml.SAMLConstants;
 
 import java.io.FileInputStream;
 import java.net.URL;
diff --git a/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/PWCBHandler.java b/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/PWCBHandler.java
index ecabc8f..349842b 100644
--- a/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/PWCBHandler.java
+++ b/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/PWCBHandler.java
@@ -16,7 +16,7 @@
 
 package org.apache.rampart.samples.policy.sample05;
 
-import org.apache.ws.security.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
diff --git a/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/Client.java b/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/Client.java
index 16b9446..0471f76 100755
--- a/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/Client.java
+++ b/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/Client.java
@@ -34,7 +34,7 @@
 import org.apache.rahas.TrustUtil;
 import org.apache.rampart.RampartMessageData;
 import org.apache.ws.secpolicy.SP11Constants;
-import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml.common.xml.SAMLConstants;
 
 import java.io.FileInputStream;
 
diff --git a/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/PWCBHandler.java b/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/PWCBHandler.java
index 8a54093..61416b4 100755
--- a/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/PWCBHandler.java
+++ b/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/PWCBHandler.java
@@ -16,7 +16,7 @@
 
 package org.apache.rampart.samples.policy.sample06;
 
-import org.apache.ws.security.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
diff --git a/modules/rampart-samples/policy/sample07/src/org/apache/rampart/samples/policy/sample07/PWCBHandler.java b/modules/rampart-samples/policy/sample07/src/org/apache/rampart/samples/policy/sample07/PWCBHandler.java
index c44e63e..5a58387 100644
--- a/modules/rampart-samples/policy/sample07/src/org/apache/rampart/samples/policy/sample07/PWCBHandler.java
+++ b/modules/rampart-samples/policy/sample07/src/org/apache/rampart/samples/policy/sample07/PWCBHandler.java
@@ -16,7 +16,7 @@
 
 package org.apache.rampart.samples.policy.sample07;
 
-import org.apache.ws.security.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
diff --git a/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/Client.java b/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/Client.java
index e3372cf..c98a001 100644
--- a/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/Client.java
+++ b/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/Client.java
@@ -30,7 +30,7 @@
 import org.apache.rahas.TrustUtil;
 import org.apache.rahas.client.STSClient;
 import org.apache.ws.secpolicy.SP11Constants;
-import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml.common.xml.SAMLConstants;
 
 import java.io.FileInputStream;
 import java.net.URL;
diff --git a/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/PWCBHandler.java b/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/PWCBHandler.java
index 4367075..a249527 100644
--- a/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/PWCBHandler.java
+++ b/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/PWCBHandler.java
@@ -16,7 +16,7 @@
 
 package org.apache.rampart.samples.policy.sample08;
 
-import org.apache.ws.security.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
diff --git a/modules/rampart-samples/policy/sample09/src/org/apache/rampart/samples/policy/sample09/PWCBHandler.java b/modules/rampart-samples/policy/sample09/src/org/apache/rampart/samples/policy/sample09/PWCBHandler.java
index 2d62ae1..8a1ef66 100644
--- a/modules/rampart-samples/policy/sample09/src/org/apache/rampart/samples/policy/sample09/PWCBHandler.java
+++ b/modules/rampart-samples/policy/sample09/src/org/apache/rampart/samples/policy/sample09/PWCBHandler.java
@@ -18,7 +18,7 @@
  */
 package org.apache.rampart.samples.policy.sample09;
 
-import org.apache.ws.security.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
diff --git a/modules/rampart-tests/test-resources/PWCallback.java b/modules/rampart-tests/test-resources/PWCallback.java
index 3b259a2..fc4f73d 100644
--- a/modules/rampart-tests/test-resources/PWCallback.java
+++ b/modules/rampart-tests/test-resources/PWCallback.java
@@ -17,7 +17,7 @@
 package org.apache.axis2.security;
 
 
-import org.apache.ws.security.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -114,7 +114,7 @@
 
                  */
 
-                if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+                if (pc.getUsage() == WSPasswordCallback.UNKNOWN) {
 
                 	if(pc.getIdentifier().equals("Ron") && pc.getPassword().equals("noR")) {
 
diff --git a/modules/rampart-trust/pom.xml b/modules/rampart-trust/pom.xml
index ae0ec58..e3f2dcb 100644
--- a/modules/rampart-trust/pom.xml
+++ b/modules/rampart-trust/pom.xml
@@ -93,7 +93,12 @@
             <artifactId>opensaml-soap-impl</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.owasp.esapi</groupId>
+            <groupId>org.owasp.esapi</groupId>            <exclusions>
+            	<exclusion>
+            		<groupId>xerces</groupId>
+            		<artifactId>xercesImpl</artifactId>
+            	</exclusion>
+            </exclusions>
             <artifactId>esapi</artifactId>
             <version>2.5.1.0</version>
         </dependency>
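Review bot: The `<exclusions>` block was pasted onto the same line as `<groupId>`, ahead of `<artifactId>` and `<version>`, which makes this dependency hard to read and easy to mis-edit. Put `<groupId>org.owasp.esapi</groupId>` back on its own line and move the exclusions after `<version>2.5.1.0</version>`, indented with spaces like the rest of the file. A one-line XML comment saying why `xercesImpl` is excluded would keep a later dependency upgrade from reintroducing it.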
@@ -101,6 +106,12 @@
             <groupId>xalan</groupId>
             <artifactId>xalan</artifactId>
             <scope>runtime</scope>
+            <exclusions>
+            	<exclusion>
+            		<groupId>xml-apis</groupId>
+            		<artifactId>xml-apis</artifactId>
+            	</exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java b/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
index 12fa5eb..ecb7f2a 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
@@ -26,7 +26,7 @@
 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
-import org.apache.wss4j.dom.handler.WSHandlerResult;;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
 import org.apache.wss4j.common.token.SecurityTokenReference;
 import org.opensaml.saml.saml1.core.Assertion;
 import org.w3c.dom.Document;
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java b/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
index fa8515c..194268a 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
@@ -26,6 +26,7 @@
 import java.util.Date;
 import java.util.Properties;
 import java.time.LocalDate;
+import java.time.LocalDateTime;
 import java.time.Instant;
 import java.time.ZoneOffset;
 import java.time.ZonedDateTime;
@@ -177,17 +178,15 @@
             OMElement createdElem =
                 lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS, WSConstants.CREATED_LN));
 
-            LocalDate localDateCreated = LocalDate.parse(createdElem.getText(), DateUtil.getDateTimeFormatter(true));
-            ZonedDateTime createdDateTime = localDateCreated.atStartOfDay(ZoneOffset.UTC);
-            this.created = Date.from(createdDateTime.toInstant());
+            LocalDateTime localDateCreated = LocalDateTime.parse(createdElem.getText(), DateUtil.getDateTimeFormatter(true));
+            this.created = Date.from(localDateCreated.atZone(ZoneOffset.UTC).toInstant());
 
             OMElement expiresElem =
                 lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS, WSConstants.EXPIRES_LN));
 
-            LocalDate localDateExpires = LocalDate.parse(expiresElem.getText(), DateUtil.getDateTimeFormatter(true));
-            ZonedDateTime expiresDateTime = localDateExpires.atStartOfDay(ZoneOffset.UTC);
-
-            this.expires = Date.from(expiresDateTime.toInstant());
+            LocalDateTime localDateExpires = LocalDateTime.parse(expiresElem.getText(), DateUtil.getDateTimeFormatter(true));
+            this.expires = Date.from(localDateExpires.atZone(ZoneOffset.UTC).toInstant());
+            
         } catch (OMException e) {
             throw new TrustException("lifeTimeProcessingError", new String[]{lifetimeElem.toString()}, e);
         } catch (Exception e) {
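Review bot: `LocalDateTime.parse(...)` followed by `atZone(ZoneOffset.UTC)` discards any offset carried in `wsu:Created` and `wsu:Expires`, so a timestamp such as `...T12:00:00+02:00` would be read as 12:00 UTC and the token lifetime shifted by the offset. If the formatter returned by `DateUtil.getDateTimeFormatter(true)` parses the zone designator (not visible here), prefer `this.created = Date.from(ZonedDateTime.parse(createdElem.getText(), DateUtil.getDateTimeFormatter(true)).toInstant());` and the same for `expires`. The names `localDateCreated` and `localDateExpires` no longer match their type. `java.time.LocalDate` may now be an unused import, and so may `ZonedDateTime` unless the suggestion above is adopted. The enclosing `try` and method start outside the hunk.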
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
index 0ca2e1e..d230601 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
@@ -102,7 +102,7 @@
 
         // Creation and expiration times
         Instant creationTime = Instant.now();
-        Instant expirationTime = Instant.ofEpochMilli(creationTime.getEpochSecond() + tokenIssuerConfiguration.getTtl());
+        Instant expirationTime = creationTime.plusMillis(tokenIssuerConfiguration.getTtl());
 
         // Get the document
         Document doc = ((Element) env).getOwnerDocument();
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java
index 9910585..ddae36f 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java
@@ -18,6 +18,7 @@
 
 import org.apache.axiom.om.OMElement;
 import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.util.UIDGenerator;
 import org.apache.axis2.description.Parameter;
 import org.apache.rahas.RahasConstants;
 import org.apache.rahas.RahasData;
@@ -108,6 +109,9 @@
 
             SecurityContextToken sct =
                     new SecurityContextToken(this.getWSCVersion(data.getTokenType()), doc);
+            
+            // It appears WSS4J no longer includes an Id for SecurityContextToken automatically
+            sct.setID(UIDGenerator.generateUID());
 
             OMElement rstrElem;
             if (wstVersion == RahasConstants.VERSION_05_12) {
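Review bot: The value passed to `sct.setID(...)` becomes an XML Id and so must be a valid NCName, but a bare `UIDGenerator.generateUID()` result may begin with a digit (its format is not visible here). A fixed alphabetic prefix guarantees validity and makes the Id recognisable in traces: `sct.setID("sctId-" + UIDGenerator.generateUID());`. The comment above it could also name the WSS4J version where the automatic Id disappeared, once known, instead of "It appears". The enclosing method starts and ends outside the hunk.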
diff --git a/pom.xml b/pom.xml
index 0cec20e..67c65f9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -601,7 +601,7 @@
             <dependency>
                 <groupId>org.slf4j</groupId>
                 <artifactId>slf4j-jcl</artifactId>
-                <version>2.20.0</version>
+                <version>1.7.36</version>
             </dependency>
             <dependency>
                 <groupId>org.slf4j</groupId>