robertlazarski pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
The following commit(s) were added to refs/heads/master by this push:
new 4cac1a52 re-introduced simple filtering of results instead of security
header validation
new 986430e2 Merge pull request #10 from
bill-looby/avoid-extra-header-validation
4cac1a52 is described below
commit 4cac1a5245826ca39ff685d404ed47a2798671f9
Author: Bill Looby
AuthorDate: Mon Oct 23 00:16:32 2023 +0100
re-introduced simple filtering of results instead of security header
validation
---
.../rampart/PolicyBasedResultsValidator.java | 304 ++---
1 file changed, 142 insertions(+), 162 deletions(-)
diff --git
a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
index 82b45af2..eafea0c5 100644
---
a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
+++
b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@ -54,7 +54,7 @@ import java.util.*;
import java.time.Instant;
public class PolicyBasedResultsValidator implements
ExtendedPolicyValidatorCallbackHandler {
-
+
private static Log log =
LogFactory.getLog(PolicyBasedResultsValidator.class);
public void validate(ValidatorData data, Vector results)
@@ -62,55 +62,43 @@ public class PolicyBasedResultsValidator implements
ExtendedPolicyValidatorCallb
List resultsList = new
ArrayList(results);
this.validate(data, resultsList);
}
-
-/**
+
+/**
* {@inheritDoc}
*/
public void validate(ValidatorData data, List
results)
throws RampartException {
-
+
RampartMessageData rmd = data.getRampartMessageData();
-
+
RampartPolicyData rpd = rmd.getPolicyData();
-
-//If there's Security policy present and no results
+
+//If there's Security policy present and no results
//then we should throw an error
if(rpd != null && results == null) {
throw new RampartException("noSecurityResults");
}
-
+
//Check presence of timestamp
WSSecurityEngineResult tsResult = null;
if(rpd != null && rpd.isIncludeTimestamp()) {
-
-
-WSSecurityEngine secEngine = new WSSecurityEngine();
-try {
-WSHandlerResult wsResults =
-secEngine.processSecurityHeader(rmd.getDocument(), null,
null, null);
-tsResult =
-wsResults.getActionResults().get(WSConstants.TS).get(0);
-} catch (WSSecurityException e) {
-// This has to be changed to propagate an instance of a
RampartException up
-throw new RampartException("An error occurred while searching
for timestamp elements.", e);
-}
-
+tsResult = fetchActionResult(results, WSConstants.TS);
if(tsResult == null && !rpd.isIncludeTimestampOptional()) {
throw new RampartException("timestampMissing");
}
-
+
}
-
+
//sig/encr
List encryptedParts =
RampartUtil.getEncryptedParts(rmd);
if(rpd != null && rpd.isSignatureProtection() &&
isSignatureRequired(rmd)) {
-
+
String sigId = RampartUtil.getSigElementId(rmd);
encryptedParts.add(RampartUtil.createEncryptionPart(WSConstants.SIG_LN, sigId,
WSConstants.SIG_NS,
RampartConstants.XML_ENCRYPTION_MODIFIER_ELEMENT));
}
-
+
List signatureParts =
RampartUtil.getSignedParts(rmd);
//Timestamp is not included in sig parts
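Review bot: The new `tsResult = fetchActionResult(results, WSConstants.TS);` line in `validate(ValidatorData, List)` has no comment explaining why the timestamp is taken from the caller-supplied results rather than by re-processing the security header, and the commit title says this approach was "re-introduced", so it has already flipped at least once. I would add a comment above it such as `// Look up the timestamp in the results the security engine already produced for this message; do not re-process the security header here.` The `timestampMissing` check is now only as strict as `fetchActionResult`, which is defined outside this hunk. It presumably returns the first result whose action is `WSConstants.TS`, so it is worth confirming what it returns when the list holds no timestamp result or more than one. The body of `validate` continues past the end of the hunk.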
@@ -124,7 +112,7 @@ public class PolicyBasedResultsValidator implements
ExtendedPolicyValidatorCallb
}
if(!rmd.isInitiator()) {
-
+
//Just an indicator for EndorsingSupportingToken signature
SupportingToken endSupportingToken = null;
if (rpd != null) {
@@ -134,7 +122,7 @@ public class PolicyBasedResultsValidator implements
ExtendedPolicyValidatorCallb
if(endSupportingToken != null &&
!endSupportingToken.isOptional()) {
SignedEncryptedParts endSignedParts =
endSupportingToken.getSignedParts();
if((endSignedParts != null && !endSignedParts.isOptional() &&
-(endSignedParts.isBody() ||
+(endSignedParts.isBody() ||
endSignedParts.getHeaders().size() > 0)) ||
rpd.isIncludeTimestamp()) {
@@ -150,8 +138,8 @@ publi