This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch coheigea/saml-refactor-new
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git

commit 98ac9ab82c3df9e996a7ef10300b21bcf19f49f5
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Tue Jul 15 12:00:54 2025 +0100

    Adding new ws-security-stax-saml module and making the output processor 
pluggable
---
 .../wss4j/api/stax/ext/WSSSecurityProperties.java  |  52 ++++++++++
 .../WSSSignatureEndingOutputProcessor.java         |   6 +-
 .../processor}/WSSSignatureOutputProcessor.java    |   7 +-
 ws-security-stax-saml/pom.xml                      | 106 +++++++++++++++++++++
 .../processor/output/SAMLTokenOutputProcessor.java |  16 +++-
 ...rg.apache.xml.security.stax.ext.OutputProcessor |   1 +
 ws-security-stax/pom.xml                           |   7 ++
 .../output/BinarySecurityTokenOutputProcessor.java |   1 +
 .../output/CustomTokenOutputProcessor.java         |   1 +
 .../output/EncryptedKeyOutputProcessor.java        |   1 +
 .../SecurityContextTokenOutputProcessor.java       |   1 +
 .../SignatureConfirmationOutputProcessor.java      |   1 +
 .../processor/output/TimestampOutputProcessor.java |   1 +
 .../output/UsernameTokenOutputProcessor.java       |   3 +
 .../org/apache/wss4j/stax/setup/OutboundWSSec.java |   8 +-
 15 files changed, 196 insertions(+), 16 deletions(-)

diff --git 
a/ws-security-api-stax/src/main/java/org/apache/wss4j/api/stax/ext/WSSSecurityProperties.java
 
b/ws-security-api-stax/src/main/java/org/apache/wss4j/api/stax/ext/WSSSecurityProperties.java
index 6da67242f..e74244025 100644
--- 
a/ws-security-api-stax/src/main/java/org/apache/wss4j/api/stax/ext/WSSSecurityProperties.java
+++ 
b/ws-security-api-stax/src/main/java/org/apache/wss4j/api/stax/ext/WSSSecurityProperties.java
@@ -45,6 +45,8 @@ import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.api.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.wss4j.api.stax.validate.Validator;
+import org.apache.xml.security.stax.ext.OutputProcessor;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.apache.xml.security.stax.ext.XMLSecurityProperties;
 
 /**
@@ -54,6 +56,31 @@ import 
org.apache.xml.security.stax.ext.XMLSecurityProperties;
  */
 public class WSSSecurityProperties extends XMLSecurityProperties {
 
+    private static final org.slf4j.Logger LOG =
+        org.slf4j.LoggerFactory.getLogger(WSSSecurityProperties.class);
+
+     /**
+     * The default collection of Output Processors supported by the toolkit
+     * 
+     * Instead of hard-coding, you can use Java's ServiceLoader mechanism to 
discover implementations
+     * at runtime. Each implementation should be registered in
+     * META-INF/services/org.apache.xml.security.stax.ext.OutputProcessor with 
its fully qualified class name.
+     * 
+     */
+    private static final Map<XMLSecurityConstants.Action, Class<?>> 
DEFAULT_OUTPUT_PROCESSORS;
+    static {
+        final Map<XMLSecurityConstants.Action, Class<?>> tmp = new HashMap<>();
+        try {
+            java.util.ServiceLoader<OutputProcessor> loader = 
java.util.ServiceLoader.load(OutputProcessor.class);
+            for (OutputProcessor outputProcessor : loader) {
+                tmp.put(outputProcessor.getAction(), 
outputProcessor.getClass());
+            }
+        } catch (final Exception ex) {
+            LOG.debug(ex.getMessage(), ex);
+        }
+        DEFAULT_OUTPUT_PROCESSORS = java.util.Collections.unmodifiableMap(tmp);
+    }
+
     private boolean mustUnderstand = true;
     private String actor;
     private CallbackHandler callbackHandler;
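Review bot: The `catch (final Exception ex)` around the ServiceLoader loop does not cover `java.util.ServiceConfigurationError`, which the iterator throws for a malformed or uninstantiable provider entry; as an Error it escapes the static initializer and would stop WSSSecurityProperties itself from loading. `tmp.put(...)` also lets a later provider on the classpath silently replace an earlier one registered for the same action, and a provider whose `getAction()` returns null is stored under a null key. Failures are logged only at debug level, so a missing or substituted token processor leaves no trace in normal logs. Consider handling `ServiceConfigurationError` per provider, logging at warn, and refusing duplicates, e.g. `if (tmp.putIfAbsent(outputProcessor.getAction(), outputProcessor.getClass()) != null) { LOG.warn("Duplicate OutputProcessor for action {}", outputProcessor.getAction()); }`.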
@@ -969,4 +996,29 @@ public class WSSSecurityProperties extends 
XMLSecurityProperties {
     public void setDocumentCreator(DocumentCreator documentCreator) {
         this.documentCreator = documentCreator;
     }
+
+    /**
+     * Lookup OutputProcessor for the given action.
+     *
+     * @param action
+     * @return An OutputProcessor to create a security token
+     * @throws WSSecurityException
+     */
+    public OutputProcessor getOutputProcessor(XMLSecurityConstants.Action 
action) throws WSSecurityException {
+        final Object actionObject = DEFAULT_OUTPUT_PROCESSORS.get(action);
+
+        if (actionObject instanceof Class<?>) {
+            try {
+                return 
(OutputProcessor)((Class<?>)actionObject).getDeclaredConstructor().newInstance();
+            } catch (Exception ex) {
+                LOG.debug(ex.getMessage(), ex);
+                throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex,
+                        "unableToLoadClass", new Object[] 
{((Class<?>)actionObject).getName()});
+            }
+        } else if (actionObject instanceof OutputProcessor) {
+            return (OutputProcessor)actionObject;
+        }
+        return null;
+    }
+
 }
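Review bot: `getOutputProcessor` returns null when no provider is registered for the action, and the call sites added in OutboundWSSec pass the result straight to `initializeOutputProcessor(...)` without a check. A deployment without the ws-security-stax-saml jar would therefore presumably fail with a NullPointerException rather than a WSSecurityException that names the missing processor. Throwing a WSSecurityException for the unregistered case, or at minimum documenting it with `@return the processor registered for the action, or null if none is registered`, would make that failure diagnosable. The `else if (actionObject instanceof OutputProcessor)` branch cannot be reached while DEFAULT_OUTPUT_PROCESSORS is a `Map<XMLSecurityConstants.Action, Class<?>>`; typing the local as `Class<?>` would remove both the dead branch and the casts. The `@param action` and `@throws WSSecurityException` tags carry no description.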
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
 
b/ws-security-api-stax/src/main/java/org/apache/wss4j/api/stax/processor/WSSSignatureEndingOutputProcessor.java
similarity index 98%
rename from 
ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
rename to 
ws-security-api-stax/src/main/java/org/apache/wss4j/api/stax/processor/WSSSignatureEndingOutputProcessor.java
index acb36c6dc..bb664edb6 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
+++ 
b/ws-security-api-stax/src/main/java/org/apache/wss4j/api/stax/processor/WSSSignatureEndingOutputProcessor.java
@@ -16,12 +16,11 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.wss4j.stax.impl.processor.output;
+package org.apache.wss4j.api.stax.processor;
 
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.api.stax.ext.WSSConstants;
 import org.apache.wss4j.api.stax.ext.WSSSecurityProperties;
-import org.apache.wss4j.api.stax.processor.OutputProcessorUtils;
 import org.apache.wss4j.api.stax.SecurityHeaderOrder;
 import org.apache.wss4j.api.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.wss4j.api.stax.utils.WSSUtils;
@@ -49,10 +48,9 @@ public class WSSSignatureEndingOutputProcessor extends 
AbstractSignatureEndingOu
 
     private SignedInfoProcessor signedInfoProcessor;
 
-    public WSSSignatureEndingOutputProcessor(WSSSignatureOutputProcessor 
signatureOutputProcessor) throws XMLSecurityException {
+    WSSSignatureEndingOutputProcessor(WSSSignatureOutputProcessor 
signatureOutputProcessor) throws XMLSecurityException {
         super(signatureOutputProcessor);
         this.addAfterProcessor(WSSSignatureOutputProcessor.class);
-        this.addAfterProcessor(UsernameTokenOutputProcessor.class);
     }
 
     @Override
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
 
b/ws-security-api-stax/src/main/java/org/apache/wss4j/api/stax/processor/WSSSignatureOutputProcessor.java
similarity index 98%
rename from 
ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
rename to 
ws-security-api-stax/src/main/java/org/apache/wss4j/api/stax/processor/WSSSignatureOutputProcessor.java
index fc475d0ed..c91bbff75 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
+++ 
b/ws-security-api-stax/src/main/java/org/apache/wss4j/api/stax/processor/WSSSignatureOutputProcessor.java
@@ -16,7 +16,7 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.wss4j.stax.impl.processor.output;
+package org.apache.wss4j.api.stax.processor;
 
 import java.io.BufferedInputStream;
 import java.io.IOException;
@@ -40,7 +40,6 @@ import org.apache.wss4j.common.util.AttachmentUtils;
 import org.apache.wss4j.api.stax.ext.WSSConstants;
 import org.apache.wss4j.api.stax.ext.WSSSecurePart;
 import org.apache.wss4j.api.stax.ext.WSSSecurityProperties;
-import 
org.apache.wss4j.stax.impl.transformer.AttachmentContentSignatureTransform;
 import org.apache.wss4j.api.stax.utils.WSSUtils;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.ext.OutputProcessorChain;
@@ -60,6 +59,7 @@ public class WSSSignatureOutputProcessor extends 
AbstractSignatureOutputProcesso
 
     private static final org.slf4j.Logger LOG =
         org.slf4j.LoggerFactory.getLogger(WSSSignatureOutputProcessor.class);
+    private static final String ATTACHMENT = "attachment";
 
     public WSSSignatureOutputProcessor() throws XMLSecurityException {
         super();
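Review bot: The new `ATTACHMENT = "attachment"` field duplicates a property key that was previously taken from `AttachmentContentSignatureTransform.ATTACHMENT` (see the `transformerProperties.put(...)` change in the next hunk), so the key now lives in two modules with nothing tying the values together. If the two strings ever diverge, the transform would presumably no longer find the attachment it is meant to digest. A comment on the field would record the coupling, e.g. `// Must stay equal to AttachmentContentSignatureTransform.ATTACHMENT in ws-security-stax`. Moving the key to a shared constants class in the API module would remove the duplication altogether.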
@@ -209,8 +209,7 @@ public class WSSSignatureOutputProcessor extends 
AbstractSignatureOutputProcesso
                         Transformer transformer = 
buildTransformerChain(digestOutputStream, signaturePartDef, null);
 
                         Map<String, Object> transformerProperties = new 
HashMap<>(2);
-                        transformerProperties.put(
-                                
AttachmentContentSignatureTransform.ATTACHMENT, attachment);
+                        transformerProperties.put(ATTACHMENT, attachment);
                         transformer.setProperties(transformerProperties);
                         transformer.transform(inputStream);
                         transformer.doFinal();
diff --git a/ws-security-stax-saml/pom.xml b/ws-security-stax-saml/pom.xml
new file mode 100644
index 000000000..8cf616953
--- /dev/null
+++ b/ws-security-stax-saml/pom.xml
@@ -0,0 +1,106 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/maven-v4_0_0.xsd";>
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>org.apache.wss4j</groupId>
+        <artifactId>wss4j-parent</artifactId>
+        <relativePath>../parent/pom.xml</relativePath>
+        <version>4.0.1-SNAPSHOT</version>
+    </parent>
+    <artifactId>wss4j-ws-security-stax-saml</artifactId>
+    <name>Apache WSS4J WS-Security SAML StAX implementation</name>
+    
+    <properties>
+        <wss4j.osgi.import>
+            net.shibboleth*;resolution:=optional,
+            com.sun.security.jgss*;resolution:=optional
+        </wss4j.osgi.import>
+       <wss4j.module.name>org.apache.wss4j.stax.saml</wss4j.module.name>
+    </properties>
+    
+    <build>
+        <sourceDirectory>${basedir}/src/main/java</sourceDirectory>
+        <testSourceDirectory>${basedir}/src/test/java</testSourceDirectory>
+        <resources>
+            <resource>
+                <directory>src/main/java</directory>
+                <excludes>
+                    <exclude>**/*.java</exclude>
+                </excludes>
+            </resource>
+            <resource>
+                <directory>src/main/resources</directory>
+                <includes>
+                    <include>**/*</include>
+                </includes>
+            </resource>
+        </resources>
+        <testResources>
+            <testResource>
+                <directory>src/test/java</directory>
+                <excludes>
+                    <exclude>**/*.java</exclude>
+                </excludes>
+            </testResource>
+            <testResource>
+                <directory>src/test/resources</directory>
+                <includes>
+                    <include>**/*</include>
+                </includes>
+            </testResource>
+        </testResources>
+
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>test-jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.wss4j</groupId>
+            <artifactId>wss4j-ws-security-dom-saml</artifactId>
+            <version>${project.version}</version>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.wss4j</groupId>
+            <artifactId>wss4j-ws-security-api-stax</artifactId>
+            <version>${project.version}</version>
+            <scope>compile</scope>
+        </dependency>
+    </dependencies>
+
+</project>
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
 
b/ws-security-stax-saml/src/main/java/org/apache/wss4j/stax/saml/impl/processor/output/SAMLTokenOutputProcessor.java
similarity index 97%
rename from 
ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
rename to 
ws-security-stax-saml/src/main/java/org/apache/wss4j/stax/saml/impl/processor/output/SAMLTokenOutputProcessor.java
index da9fb2f1c..42b856afa 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
+++ 
b/ws-security-stax-saml/src/main/java/org/apache/wss4j/stax/saml/impl/processor/output/SAMLTokenOutputProcessor.java
@@ -16,7 +16,7 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.wss4j.stax.impl.processor.output;
+package org.apache.wss4j.stax.saml.impl.processor.output;
 
 import java.security.Key;
 import java.security.PrivateKey;
@@ -44,6 +44,7 @@ import org.apache.wss4j.api.stax.ext.WSSConstants;
 import org.apache.wss4j.api.stax.ext.WSSSecurePart;
 import org.apache.wss4j.api.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.api.stax.processor.OutputProcessorUtils;
+import org.apache.wss4j.api.stax.processor.WSSSignatureOutputProcessor;
 import org.apache.wss4j.api.stax.securityEvent.WSSecurityEventConstants;
 import org.apache.wss4j.api.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.wss4j.api.stax.utils.WSSUtils;
@@ -71,10 +72,19 @@ public class SAMLTokenOutputProcessor extends 
AbstractOutputProcessor {
 
     public SAMLTokenOutputProcessor() throws XMLSecurityException {
         super();
-        addBeforeProcessor(BinarySecurityTokenOutputProcessor.class);
+        //addBeforeProcessor(BinarySecurityTokenOutputProcessor.class);
         addBeforeProcessor(WSSSignatureOutputProcessor.class);
     }
 
+    @Override
+    public XMLSecurityConstants.Action getAction() {
+        if (super.getAction() != null) {
+            return super.getAction();
+        }
+        // default action is SAML token signed
+        return WSSConstants.SAML_TOKEN_SIGNED;
+    }
+
     @Override
     public void processEvent(XMLSecEvent xmlSecEvent, final 
OutputProcessorChain outputProcessorChain)
             throws XMLStreamException, XMLSecurityException {
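Review bot: The constructor comments out `addBeforeProcessor(BinarySecurityTokenOutputProcessor.class)` rather than replacing it, and the next hunk does the same to `addAfterProcessor(UsernameTokenOutputProcessor.class)` in the inner processor's constructor, so both ordering constraints are dropped with no replacement visible in this commit. OutboundWSSec also loses `addAfterProcessor(SAMLTokenOutputProcessor.class)`, whereas the UsernameToken/signature-ending constraint was re-declared from the other side. If the relative order of the SAML, BinarySecurityToken and UsernameToken processors still affects what ends up in the header and under the signature, it needs to be re-expressed without the class reference; if it does not, delete the commented-out lines and state why in a comment. In `getAction()`, `super.getAction()` is evaluated twice; holding it in a local would read more clearly.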
@@ -435,7 +445,7 @@ public class SAMLTokenOutputProcessor extends 
AbstractOutputProcessor {
                                       String securityTokenReferenceId, boolean 
senderVouches,
                                       boolean includeSTR) throws 
XMLSecurityException {
             super();
-            this.addAfterProcessor(UsernameTokenOutputProcessor.class);
+            //this.addAfterProcessor(UsernameTokenOutputProcessor.class);
             this.addAfterProcessor(SAMLTokenOutputProcessor.class);
             this.addBeforeProcessor(WSSSignatureOutputProcessor.class);
             this.samlAssertionWrapper = samlAssertionWrapper;
diff --git 
a/ws-security-stax-saml/src/main/resources/META-INF/services/org.apache.xml.security.stax.ext.OutputProcessor
 
b/ws-security-stax-saml/src/main/resources/META-INF/services/org.apache.xml.security.stax.ext.OutputProcessor
new file mode 100644
index 000000000..736ffdb24
--- /dev/null
+++ 
b/ws-security-stax-saml/src/main/resources/META-INF/services/org.apache.xml.security.stax.ext.OutputProcessor
@@ -0,0 +1 @@
+org.apache.wss4j.stax.saml.impl.processor.output.SAMLTokenOutputProcessor
diff --git a/ws-security-stax/pom.xml b/ws-security-stax/pom.xml
index 27b4e4fdb..da189b183 100644
--- a/ws-security-stax/pom.xml
+++ b/ws-security-stax/pom.xml
@@ -71,6 +71,13 @@
             <version>${project.version}</version>
             <scope>test</scope>
         </dependency>
+        <!-- TODO remove when tests move to SAML module -->
+        <dependency>
+            <groupId>org.apache.wss4j</groupId>
+            <artifactId>wss4j-ws-security-stax-saml</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.apache.wss4j</groupId>
             <artifactId>wss4j-ws-security-common</artifactId>
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
index efb61a601..4ba66e353 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
@@ -27,6 +27,7 @@ import javax.xml.stream.XMLStreamException;
 import org.apache.wss4j.api.stax.ext.WSSConstants;
 import org.apache.wss4j.api.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.api.stax.processor.OutputProcessorUtils;
+import org.apache.wss4j.api.stax.processor.WSSSignatureOutputProcessor;
 import org.apache.wss4j.stax.impl.securityToken.KerberosClientSecurityToken;
 import org.apache.wss4j.api.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.wss4j.api.stax.utils.WSSUtils;
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java
index 2f03a1ef3..4ef0dfa61 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java
@@ -29,6 +29,7 @@ import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.api.stax.ext.WSSConstants;
 import org.apache.wss4j.api.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.api.stax.processor.OutputProcessorUtils;
+import org.apache.wss4j.api.stax.processor.WSSSignatureOutputProcessor;
 import org.apache.wss4j.api.stax.utils.WSSUtils;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.ext.AbstractOutputProcessor;
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
index 3656de0ad..3ff03806e 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
@@ -45,6 +45,7 @@ import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.api.stax.ext.WSSConstants;
 import org.apache.wss4j.api.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.api.stax.processor.OutputProcessorUtils;
+import org.apache.wss4j.api.stax.processor.WSSSignatureOutputProcessor;
 import org.apache.wss4j.api.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.wss4j.api.stax.utils.WSSUtils;
 import org.apache.xml.security.exceptions.XMLSecurityException;
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
index c98b6c6d1..8631297b2 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
@@ -31,6 +31,7 @@ import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.api.stax.ext.WSSConstants;
 import org.apache.wss4j.api.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.api.stax.processor.OutputProcessorUtils;
+import org.apache.wss4j.api.stax.processor.WSSSignatureOutputProcessor;
 import org.apache.wss4j.api.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.wss4j.api.stax.utils.WSSUtils;
 import org.apache.xml.security.exceptions.XMLSecurityException;
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SignatureConfirmationOutputProcessor.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SignatureConfirmationOutputProcessor.java
index e13621098..aa443754c 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SignatureConfirmationOutputProcessor.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SignatureConfirmationOutputProcessor.java
@@ -27,6 +27,7 @@ import javax.xml.stream.XMLStreamException;
 import org.apache.wss4j.api.stax.ext.WSSConstants;
 import org.apache.wss4j.api.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.api.stax.processor.OutputProcessorUtils;
+import org.apache.wss4j.api.stax.processor.WSSSignatureOutputProcessor;
 import org.apache.wss4j.api.stax.utils.WSSUtils;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.ext.AbstractOutputProcessor;
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/TimestampOutputProcessor.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/TimestampOutputProcessor.java
index 71312d0fa..81f82f7b7 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/TimestampOutputProcessor.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/TimestampOutputProcessor.java
@@ -29,6 +29,7 @@ import org.apache.wss4j.common.util.DateUtil;
 import org.apache.wss4j.api.stax.ext.WSSConstants;
 import org.apache.wss4j.api.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.api.stax.processor.OutputProcessorUtils;
+import org.apache.wss4j.api.stax.processor.WSSSignatureOutputProcessor;
 import org.apache.wss4j.api.stax.utils.WSSUtils;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.ext.AbstractOutputProcessor;
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
index b78c39b1b..6fcf98fb3 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
@@ -25,6 +25,8 @@ import org.apache.wss4j.common.util.UsernameTokenUtil;
 import org.apache.wss4j.api.stax.ext.WSSConstants;
 import org.apache.wss4j.api.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.api.stax.processor.OutputProcessorUtils;
+import org.apache.wss4j.api.stax.processor.WSSSignatureEndingOutputProcessor;
+import org.apache.wss4j.api.stax.processor.WSSSignatureOutputProcessor;
 import org.apache.wss4j.stax.impl.securityToken.OutboundUsernameSecurityToken;
 import org.apache.wss4j.api.stax.utils.WSSUtils;
 import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -50,6 +52,7 @@ public class UsernameTokenOutputProcessor extends 
AbstractOutputProcessor {
     public UsernameTokenOutputProcessor() throws XMLSecurityException {
         super();
         addBeforeProcessor(WSSSignatureOutputProcessor.class);
+        addBeforeProcessor(WSSSignatureEndingOutputProcessor.class);
         addBeforeProcessor(EncryptOutputProcessor.class);
     }
 
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
index eb7fbb52d..09ab98ce9 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
@@ -37,6 +37,7 @@ import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.stax.ext.DocumentCreatorImpl;
 import org.apache.wss4j.api.stax.ext.WSSConstants;
 import org.apache.wss4j.api.stax.ext.WSSSecurityProperties;
+import org.apache.wss4j.api.stax.processor.WSSSignatureOutputProcessor;
 import 
org.apache.wss4j.stax.impl.processor.output.BinarySecurityTokenOutputProcessor;
 import org.apache.wss4j.stax.impl.processor.output.CustomTokenOutputProcessor;
 import 
org.apache.wss4j.stax.impl.processor.output.DerivedKeyTokenOutputProcessor;
@@ -44,14 +45,12 @@ import 
org.apache.wss4j.stax.impl.processor.output.EncryptEndingOutputProcessor;
 import org.apache.wss4j.stax.impl.processor.output.EncryptOutputProcessor;
 import org.apache.wss4j.stax.impl.processor.output.EncryptedKeyOutputProcessor;
 import 
org.apache.wss4j.stax.impl.processor.output.ReferenceListOutputProcessor;
-import org.apache.wss4j.stax.impl.processor.output.SAMLTokenOutputProcessor;
 import 
org.apache.wss4j.stax.impl.processor.output.SecurityContextTokenOutputProcessor;
 import 
org.apache.wss4j.stax.impl.processor.output.SecurityHeaderOutputProcessor;
 import 
org.apache.wss4j.stax.impl.processor.output.SecurityHeaderReorderProcessor;
 import 
org.apache.wss4j.stax.impl.processor.output.SignatureConfirmationOutputProcessor;
 import org.apache.wss4j.stax.impl.processor.output.TimestampOutputProcessor;
 import 
org.apache.wss4j.stax.impl.processor.output.UsernameTokenOutputProcessor;
-import org.apache.wss4j.stax.impl.processor.output.WSSSignatureOutputProcessor;
 import org.apache.wss4j.stax.impl.securityToken.KerberosClientSecurityToken;
 import org.apache.wss4j.api.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.wss4j.api.stax.utils.WSSUtils;
@@ -234,7 +233,6 @@ public class OutboundWSSec {
             
outputProcessor.addAfterProcessor(SignatureConfirmationOutputProcessor.class);
             
outputProcessor.addAfterProcessor(CustomTokenOutputProcessor.class);
             
outputProcessor.addAfterProcessor(BinarySecurityTokenOutputProcessor.class);
-            outputProcessor.addAfterProcessor(SAMLTokenOutputProcessor.class);
         }
         outputProcessor.setXMLSecurityProperties(securityProperties);
         outputProcessor.setAction(action, actionOrder);
@@ -706,7 +704,7 @@ public class OutboundWSSec {
                     new BinarySecurityTokenOutputProcessor();
                 initializeOutputProcessor(outputProcessorChain, 
binarySecurityTokenOutputProcessor, action, -1);
 
-                final SAMLTokenOutputProcessor samlTokenOutputProcessor = new 
SAMLTokenOutputProcessor();
+                final OutputProcessor samlTokenOutputProcessor = 
securityProperties.getOutputProcessor(WSSConstants.SAML_TOKEN_SIGNED);
                 initializeOutputProcessor(outputProcessorChain, 
samlTokenOutputProcessor, action, -1);
 
                 final WSSSignatureOutputProcessor signatureOutputProcessor = 
new WSSSignatureOutputProcessor();
@@ -721,7 +719,7 @@ public class OutboundWSSec {
                 }
 
             } else if (WSSConstants.SAML_TOKEN_UNSIGNED.equals(action)) {
-                final SAMLTokenOutputProcessor samlTokenOutputProcessor = new 
SAMLTokenOutputProcessor();
+                final OutputProcessor samlTokenOutputProcessor = 
securityProperties.getOutputProcessor(WSSConstants.SAML_TOKEN_SIGNED);
                 initializeOutputProcessor(outputProcessorChain, 
samlTokenOutputProcessor, action, -1);
 
                 if (securityProperties.getDocumentCreator() == null) {
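Review bot: The `SAML_TOKEN_UNSIGNED` branch looks the processor up with `WSSConstants.SAML_TOKEN_SIGNED`, the same key the signed branch uses in the previous hunk. This appears to work only because SAMLTokenOutputProcessor reports SAML_TOKEN_SIGNED from `getAction()` by default and is therefore registered under that key alone, but at the call site it reads like a copy-paste slip. A short comment would prevent a well-meant "fix", e.g. `// The SAML processor is registered under SAML_TOKEN_SIGNED only; the effective action is applied via setAction(action, ...)`. Alternatively the registry could map both SAML actions to the class. The enclosing method starts and ends outside both hunks.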
