SWS-711 - Upgrade to wss4j 1.6

Author: poutsma

parent/pom.xml

@@ -526,15 +526,11 @@
             <dependency>
                 <groupId>org.apache.ws.security</groupId>
                 <artifactId>wss4j</artifactId>
-                <version>1.5.8</version>
+                <version>1.6.5</version>
                 <exclusions>
                     <exclusion>
-                        <groupId>axis</groupId>
-                        <artifactId>axis</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>axis</groupId>
-                        <artifactId>axis-ant</artifactId>
+                        <groupId>xalan</groupId>
+                        <artifactId>xalan</artifactId>
                     </exclusion>
                     <exclusion>
                         <groupId>xerces</groupId>
@@ -544,10 +540,6 @@
                         <groupId>xml-apis</groupId>
                         <artifactId>xml-apis</artifactId>
                     </exclusion>
-                    <exclusion>
-                        <groupId>junit</groupId>
-                        <artifactId>junit</artifactId>
-                    </exclusion>
                 </exclusions>
             </dependency>
             <!-- Spring Security -->

security/src/main/java/org/springframework/ws/soap/security/support/KeyStoreUtils.java

@@ -1,11 +1,11 @@
 /*
- * Copyright 2008 the original author or authors.
+ * Copyright 2005-2012 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -68,7 +68,7 @@ public static KeyStore loadDefaultKeyStore() throws GeneralSecurityException, IO
         factoryBean.setPassword(password);
         factoryBean.setType(type);
         factoryBean.afterPropertiesSet();
-        return (KeyStore) factoryBean.getObject();
+        return factoryBean.getObject();
     }
 
     /**
@@ -117,7 +117,7 @@ public static KeyStore loadDefaultTrustStore() throws GeneralSecurityException,
         factoryBean.setPassword(password);
         factoryBean.setType(type);
         factoryBean.afterPropertiesSet();
-        return (KeyStore) factoryBean.getObject();
+        return factoryBean.getObject();
     }
 
 }

security/src/main/java/org/springframework/ws/soap/security/wss4j/Wss4jHandler.java

@@ -1,11 +1,11 @@
 /*
- * Copyright 2005-2010 the original author or authors.
+ * Copyright 2005-2012 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,26 +16,19 @@
 
 package org.springframework.ws.soap.security.wss4j;
 
-import java.io.IOException;
-import java.security.cert.X509Certificate;
+import java.util.List;
 import java.util.Properties;
-import java.util.Vector;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
 
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSPasswordCallback;
+import org.springframework.ws.context.MessageContext;
+
+import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.handler.WSHandler;
 import org.apache.ws.security.handler.WSHandlerConstants;
-import org.apache.ws.security.message.token.Timestamp;
 import org.w3c.dom.Document;
 
-import org.springframework.ws.context.MessageContext;
-
 /**
  * @author Tareq Abed Rabbo
  * @author Arjen Poutsma
@@ -46,8 +39,6 @@ class Wss4jHandler extends WSHandler {
     /** Keys are constants from {@link WSHandlerConstants}; values are strings. */
     private Properties options = new Properties();
 
-    private CallbackHandler securementCallbackHandler;
-
     private String securementPassword;
 
     private Crypto securementEncryptionCrypto;
@@ -61,12 +52,7 @@ class Wss4jHandler extends WSHandler {
     }
 
     @Override
-    protected boolean checkReceiverResults(Vector wsResult, Vector actions) {
-        return super.checkReceiverResults(wsResult, actions);
-    }
-
-    @Override
-    protected boolean checkReceiverResultsAnyOrder(Vector wsResult, Vector actions) {
+    protected boolean checkReceiverResultsAnyOrder(List<WSSecurityEngineResult> wsResult, List<Integer> actions) {
         return super.checkReceiverResultsAnyOrder(wsResult, actions);
     }
 
@@ -83,10 +69,6 @@ public Object getOption(String key) {
         return options.getProperty(key);
     }
 
-    void setSecurementCallbackHandler(CallbackHandler securementCallbackHandler) {
-        this.securementCallbackHandler = securementCallbackHandler;
-    }
-
     void setSecurementPassword(String securementPassword) {
         this.securementPassword = securementPassword;
     }
@@ -99,48 +81,6 @@ void setSecurementSignatureCrypto(Crypto securementSignatureCrypto) {
         this.securementSignatureCrypto = securementSignatureCrypto;
     }
 
-    /** Gets the password first from securementCallbackHandler, then from securementPassword if not found. */
-    @Override
-    public WSPasswordCallback getPassword(String username,
-                                          int doAction,
-                                          String clsProp,
-                                          String refProp,
-                                          RequestData reqData) {
-        WSPasswordCallback callback;
-        if (securementCallbackHandler != null) {
-            int reason = 0;
-
-            switch (doAction) {
-                case WSConstants.UT:
-                case WSConstants.UT_SIGN:
-                    reason = WSPasswordCallback.USERNAME_TOKEN;
-                    break;
-                case WSConstants.SIGN:
-                    reason = WSPasswordCallback.SIGNATURE;
-                    break;
-                case WSConstants.ENCR:
-                    reason = WSPasswordCallback.KEY_NAME;
-                    break;
-            }
-            callback = new WSPasswordCallback(username, reason);
-            Callback[] callbacks = new Callback[]{callback};
-            try {
-                securementCallbackHandler.handle(callbacks);
-            }
-            catch (UnsupportedCallbackException ex) {
-                throw new Wss4jSecuritySecurementException(ex.getMessage(), ex);
-            }
-            catch (IOException ex) {
-                throw new Wss4jSecuritySecurementException(ex.getMessage(), ex);
-            }
-        }
-        else {
-            callback = new WSPasswordCallback(username, WSPasswordCallback.UNKNOWN);
-            callback.setPassword(securementPassword);
-        }
-        return callback;
-    }
-
     @Override
     public String getPassword(Object msgContext) {
         return securementPassword;
@@ -172,18 +112,11 @@ public void setProperty(Object msgContext, String key, Object value) {
     }
 
     @Override
-    protected void doSenderAction(int doAction, Document doc, RequestData reqData, Vector actions, boolean isRequest)
-            throws WSSecurityException {
+    protected void doSenderAction(int doAction,
+                                  Document doc,
+                                  RequestData reqData,
+                                  List<Integer> actions,
+                                  boolean isRequest) throws WSSecurityException {
         super.doSenderAction(doAction, doc, reqData, actions, isRequest);
     }
-
-    @Override
-    protected boolean verifyTimestamp(Timestamp timestamp, int timeToLive) throws WSSecurityException {
-        return super.verifyTimestamp(timestamp, timeToLive);
-    }
-
-    @Override
-    protected boolean verifyTrust(X509Certificate cert, RequestData reqData) throws WSSecurityException {
-        return super.verifyTrust(cert, reqData);
-    }
 }