Updating to WSS4J 4.0.0

apache · Oct 17, 2023 · d00f745 · d00f745
1 parent d17fe34
commit d00f745
Show file tree

Hide file tree

Showing 9 changed files with 16 additions and 12 deletions.
diff --git a/parent/pom.xml b/parent/pom.xml
@@ -235,7 +235,7 @@
         <cxf.woodstox.core.version>6.5.1</cxf.woodstox.core.version>
         <cxf.woodstox.stax2-api.version>4.2.1</cxf.woodstox.stax2-api.version>
         <cxf.wsdl4j.version>1.6.3</cxf.wsdl4j.version>
-        <cxf.jakarta.wss4j.version>3.0.1</cxf.jakarta.wss4j.version>
+        <cxf.jakarta.wss4j.version>4.0.0-SNAPSHOT</cxf.jakarta.wss4j.version>
         <cxf.xmlschema.version>2.3.1</cxf.xmlschema.version>
         <cxf.xnio.version>3.8.11.Final</cxf.xnio.version>
         <cxf.zest.version>2.1</cxf.zest.version>

diff --git a/.../oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java b/.../oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
@@ -98,7 +98,7 @@ private void validateAudience(Message message, Conditions cs) {
         for (AudienceRestriction ar : restrictions) {
             List<Audience> audiences = ar.getAudiences();
             for (Audience a : audiences) {
-                if (absoluteAddress.equals(a.getAudienceURI())) {
+                if (absoluteAddress.equals(a.getURI())) {
                     return;
                 }
             }

diff --git a/.../sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/.../sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -295,7 +295,7 @@ private boolean matchSaml2AudienceRestriction(
                 if (audienceRestriction.getAudiences() != null) {
                     boolean matchFound = false;
                     for (org.opensaml.saml.saml2.core.Audience audience : audienceRestriction.getAudiences()) {
-                        if (appliesTo.equals(audience.getAudienceURI())) {
+                        if (appliesTo.equals(audience.getURI())) {
                             matchFound = true;
                             oneMatchFound = true;
                             break;

diff --git a/.../saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java b/.../saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java
@@ -192,7 +192,7 @@ public static AuthnContextClassRef createAuthnCtxClassRef(
                 builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
         }
         AuthnContextClassRef authnCtxClassRef = requestedAuthnCtxClassRefBuilder.buildObject();
-        authnCtxClassRef.setAuthnContextClassRef(authnCtxClassRefValue);
+        authnCtxClassRef.setURI(authnCtxClassRefValue);
 
         return authnCtxClassRef;
     }

diff --git a/...sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java b/...sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java
@@ -286,7 +286,9 @@ public void testResponseModifiedSignedAssertion() throws Exception {
             DOMUtils.findAllElementsByTagNameNS(policyElement, SAMLConstants.SAML20_NS, "Assertion");
         assertNotNull(assertions);
         assertTrue(assertions.size() == 1);
-        assertions.get(0).setAttributeNS(null, "newattr", "http://apache.org");
+        Thread.sleep(1000L);
+        Instant issueInstant = Instant.now();
+        assertions.get(0).setAttributeNS(null, "IssueInstant", issueInstant.toString());
 
         Response marshalledResponse = (Response)OpenSAMLUtil.fromDom(policyElement);
 
@@ -395,7 +397,9 @@ public void testModifiedSignedResponse() throws Exception {
         doc.appendChild(policyElement);
         assertNotNull(policyElement);
 
-        policyElement.setAttributeNS(null, "newattr", "http://apache.org");
+        Thread.sleep(1000L);
+        Instant issueInstant = Instant.now();
+        policyElement.setAttributeNS(null, "IssueInstant", issueInstant.toString());
 
         Response marshalledResponse = (Response)OpenSAMLUtil.fromDom(policyElement);
 

diff --git a/...saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/DefaultXACMLRequestBuilder.java b/...saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/DefaultXACMLRequestBuilder.java
@@ -27,7 +27,7 @@
 
 import javax.xml.namespace.QName;
 
-import net.shibboleth.utilities.java.support.xml.DOMTypeSupport;
+import net.shibboleth.shared.xml.DOMTypeSupport;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rt.security.saml.xacml.CXFMessageParser;
 import org.apache.cxf.rt.security.saml.xacml.XACMLConstants;

diff --git a/...aml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java b/...aml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java
@@ -31,7 +31,7 @@
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import net.shibboleth.utilities.java.support.xml.DOMTypeSupport;
+import net.shibboleth.shared.xml.DOMTypeSupport;
 import org.apache.cxf.rt.security.saml.xacml.XACMLConstants;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.opensaml.xacml.ctx.ActionType;

diff --git a/...sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java b/...sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
@@ -124,14 +124,14 @@ protected List<String> getAudienceRestrictions(SamlAssertionWrapper assertion) {
             for (AudienceRestrictionCondition restriction
                 : assertion.getSaml1().getConditions().getAudienceRestrictionConditions()) {
                 for (org.opensaml.saml.saml1.core.Audience audience : restriction.getAudiences()) {
-                    addresses.add(audience.getUri());
+                    addresses.add(audience.getURI());
                 }
             }
         } else if (assertion.getSaml2() != null) {
             for (org.opensaml.saml.saml2.core.AudienceRestriction restriction
                 : assertion.getSaml2().getConditions().getAudienceRestrictions()) {
                 for (org.opensaml.saml.saml2.core.Audience audience : restriction.getAudiences()) {
-                    addresses.add(audience.getAudienceURI());
+                    addresses.add(audience.getURI());
                 }
             }
         }

diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
@@ -390,7 +390,7 @@ private boolean matchSaml1AudienceRestriction(
             for (AudienceRestrictionCondition restrCondition : restrConditions) {
                 if (restrCondition.getAudiences() != null) {
                     for (Audience audience : restrCondition.getAudiences()) {
-                        if (appliesTo.equals(audience.getUri())) {
+                        if (appliesTo.equals(audience.getURI())) {
                             return true;
                         }
                     }
@@ -409,7 +409,7 @@ private boolean matchSaml2AudienceRestriction(
             for (AudienceRestriction audienceRestriction : audienceRestrictions) {
                 if (audienceRestriction.getAudiences() != null) {
                     for (org.opensaml.saml.saml2.core.Audience audience : audienceRestriction.getAudiences()) {
-                        if (appliesTo.equals(audience.getAudienceURI())) {
+                        if (appliesTo.equals(audience.getURI())) {
                             return true;
                         }
                     }