Add ability to override Wss4J default values for InclusivePrefixes

Jenkinsfile

@@ -156,7 +156,7 @@ pipeline {
 						slackSend(
                                 color: (currentBuild.currentResult == 'SUCCESS') ? 'good' : 'danger',
                                 channel: '#spring-ws',
-                                message: "@here Spring WS ${PROJECT_VERSION} is staged on Sonatype awaiting closure and release.")
+                                message: "Spring WS ${PROJECT_VERSION} is staged on Sonatype awaiting closure and release.")
 					} else {
 						sh "PROFILE=distribute,${RELEASE_TYPE} ci/build-and-deploy-to-artifactory.sh"
 					}

README.adoc

@@ -46,6 +46,7 @@ You can also import the project into your IDE.
 NOTE: You can chain the previous set of commands together using `&&`.
 
 The pipeline will build and release the "release" branch. It will also build a new a new snapshot and stage it on artifactory.
+For releases that go to Maven Central, the user much manually check out and verify the artifacts before releasing them.
 
 === Running CI tasks locally
 

pom.xml

@@ -1,11 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+		 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 
 	<groupId>org.springframework.ws</groupId>
 	<artifactId>spring-ws</artifactId>
-	<version>3.1.2-SNAPSHOT</version>
+	<version>3.1.3-SNAPSHOT</version>
 	<packaging>pom</packaging>
 
 	<name>Spring Web Services</name>
@@ -102,8 +102,7 @@
 		<jetty.version>6.1.26</jetty.version>
 		<jms.version>2.0.1</jms.version>
 		<junit.version>5.7.0</junit.version>
-		<log4j.version>1.2.17</log4j.version>
-		<log4j2.version>2.11.0</log4j2.version>
+		<log4j2.version>2.15.0</log4j2.version>
 		<mail.version>1.4.7</mail.version>
 		<mock-javamail.version>1.9</mock-javamail.version>
 		<saaj-impl.version>1.5.2</saaj-impl.version>
@@ -112,12 +111,12 @@
 		<soap-api.version>1.4.0</soap-api.version>
 		<spring.version>5.3.7</spring.version>
 		<spring-security.version>5.5.0</spring-security.version>
-		<stax.version>1.7.8</stax.version>
+		<stax.version>1.8.3</stax.version>
 		<sun-mail.version>1.6.0</sun-mail.version>
 		<woodstox.version>4.2.0</woodstox.version>
 		<wsdl4j.version>1.6.3</wsdl4j.version>
 		<wss4j.version>2.3.0</wss4j.version>
-		<xmlsec.version>2.2.0</xmlsec.version>
+		<xmlsec.version>2.3.0</xmlsec.version>
 		<xml-schema-core.version>2.2.2</xml-schema-core.version>
 		<xmlunit1.version>1.6</xmlunit1.version>
 		<xmlunit.version>2.7.0</xmlunit.version>
@@ -274,6 +273,21 @@
 							</execution>
 						</executions>
 					</plugin>
+
+					<plugin>
+						<groupId>org.basepom.maven</groupId>
+						<artifactId>duplicate-finder-maven-plugin</artifactId>
+						<version>1.5.0</version>
+						<executions>
+							<execution>
+								<id>check-for-duplicates</id>
+								<goals>
+									<goal>check</goal>
+								</goals>
+								<phase>validate</phase>
+							</execution>
+						</executions>
+					</plugin>
 				</plugins>
 			</build>
 		</profile>

spring-ws-core/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>org.springframework.ws</groupId>
 		<artifactId>spring-ws</artifactId>
-		<version>3.1.2-SNAPSHOT</version>
+		<version>3.1.3-SNAPSHOT</version>
 	</parent>
 
 	<artifactId>spring-ws-core</artifactId>

spring-ws-core/src/main/java/org/springframework/ws/transport/TransportInputStream.java

@@ -47,7 +47,9 @@ private InputStream getInputStream() throws IOException {
 
 	@Override
 	public void close() throws IOException {
-		getInputStream().close();
+		if (inputStream != null) {
+			getInputStream().close();
+		}
 	}
 
 	@Override

spring-ws-core/src/main/java/org/springframework/ws/transport/TransportOutputStream.java

@@ -45,12 +45,16 @@ private OutputStream getOutputStream() throws IOException {
 
 	@Override
 	public void close() throws IOException {
-		getOutputStream().close();
+		if (outputStream != null) {
+			getOutputStream().close();
+		}
 	}
 
 	@Override
 	public void flush() throws IOException {
-		getOutputStream().flush();
+		if (outputStream != null) {
+			getOutputStream().flush();
+		}
 	}
 
 	@Override

spring-ws-security/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>org.springframework.ws</groupId>
 		<artifactId>spring-ws</artifactId>
-		<version>3.1.2-SNAPSHOT</version>
+		<version>3.1.3-SNAPSHOT</version>
 	</parent>
 
 	<artifactId>spring-ws-security</artifactId>

spring-ws-security/src/main/java/org/springframework/ws/soap/security/wss4j2/Wss4jSecurityInterceptor.java

@@ -179,6 +179,8 @@ public class Wss4jSecurityInterceptor extends AbstractWsSecurityInterceptor impl
 
 	private boolean bspCompliant;
 
+	private boolean addInclusivePrefixes = true;
+
 	private boolean securementUseDerivedKey;
 
 	private CallbackHandler samlCallbackHandler;
@@ -541,6 +543,15 @@ public void setBspCompliant(boolean bspCompliant) {
 		this.bspCompliant = bspCompliant;
 	}
 
+	/**
+	 * Sets whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod child
+	 * when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS. Default is {@code true}.
+	 */
+	public void setAddInclusivePrefixes(boolean addInclusivePrefixes) {
+		this.handler.setOption(WSHandlerConstants.ADD_INCLUSIVE_PREFIXES, addInclusivePrefixes);
+		this.addInclusivePrefixes = addInclusivePrefixes;
+	}
+
 	/**
 	 * Sets whether the RSA 1.5 key transport algorithm is allowed.
 	 */
@@ -676,6 +687,9 @@ protected RequestData initializeValidationRequestData(MessageContext messageCont
 		if (requestData.getBSPEnforcer() != null) {
 			requestData.getBSPEnforcer().setDisableBSPRules(!bspCompliant);
 		}
+
+		requestData.setAddInclusivePrefixes(addInclusivePrefixes);
+
 		// allow for qualified password types for .Net interoperability
 		requestData.setAllowNamespaceQualifiedPasswordTypes(true);
 

spring-ws-security/src/test/java/org/springframework/ws/soap/security/wss4j2/SaajWss4jMessageInterceptorSignTest.java

@@ -83,4 +83,45 @@ public void testSignAndValidate() throws Exception {
 
 		interceptor.validateMessage(message, messageContext);
 	}
+
+	@Test
+	public void testSignWithoutInclusivePrefixesAndValidate() throws Exception {
+
+		Transformer transformer = TransformerFactoryUtils.newInstance().newTransformer();
+		interceptor.setSecurementActions("Signature");
+		interceptor.setEnableSignatureConfirmation(false);
+		interceptor.setSecurementPassword("123456");
+		interceptor.setSecurementUsername("rsaKey");
+		interceptor.setAddInclusivePrefixes(false);
+		SOAPMessage saajMessage = saajSoap11MessageFactory.createMessage();
+		transformer.transform(new StringSource(PAYLOAD), new DOMResult(saajMessage.getSOAPBody()));
+		SoapMessage message = new SaajSoapMessage(saajMessage, saajSoap11MessageFactory);
+		MessageContext messageContext = new DefaultMessageContext(message, new SaajSoapMessageFactory(saajSoap11MessageFactory));
+
+		interceptor.secureMessage(message, messageContext);
+
+		SOAPHeader header = ((SaajSoapMessage) message).getSaajMessage().getSOAPHeader();
+		Iterator<?> iterator = header.getChildElements(
+				new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security"));
+
+		assertThat(iterator.hasNext()).isTrue();
+
+		SOAPHeaderElement securityHeader = (SOAPHeaderElement) iterator.next();
+		iterator = securityHeader.getChildElements(new QName("http://www.w3.org/2000/09/xmldsig#", "Signature"));
+
+		assertThat(iterator.hasNext()).isTrue();
+
+		ByteArrayOutputStream bos = new ByteArrayOutputStream();
+		message.writeTo(bos);
+
+		MimeHeaders mimeHeaders = new MimeHeaders();
+		mimeHeaders.addHeader("Content-Type", "text/xml");
+		ByteArrayInputStream bis = new ByteArrayInputStream(bos.toByteArray());
+
+		SOAPMessage signed = saajSoap11MessageFactory.createMessage(mimeHeaders, bis);
+		message = new SaajSoapMessage(signed, saajSoap11MessageFactory);
+		messageContext = new DefaultMessageContext(message, new SaajSoapMessageFactory(saajSoap11MessageFactory));
+
+		interceptor.validateMessage(message, messageContext);
+	}
 }

spring-ws-security/src/test/java/org/springframework/ws/soap/security/wss4j2/SaajWss4jSecurityInterceptorDefaultsTest.java

@@ -0,0 +1,85 @@
+/*
+ * Copyright 2005-2014 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.ws.soap.security.wss4j2;
+
+import org.apache.wss4j.dom.handler.RequestData;
+import org.junit.jupiter.api.Test;
+import org.springframework.test.util.ReflectionTestUtils;
+import org.springframework.ws.context.DefaultMessageContext;
+import org.springframework.ws.context.MessageContext;
+import org.springframework.ws.soap.SoapMessage;
+import org.springframework.ws.soap.saaj.SaajSoapMessage;
+import org.springframework.ws.soap.saaj.SaajSoapMessageFactory;
+import org.springframework.xml.transform.StringSource;
+import org.springframework.xml.transform.TransformerFactoryUtils;
+
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.dom.DOMResult;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.springframework.test.util.AssertionErrors.assertEquals;
+
+public class SaajWss4jSecurityInterceptorDefaultsTest extends Wss4jTestCase {
+
+	private static final String PAYLOAD = "<tru:StockSymbol xmlns:tru=\"http://fabrikam123.com/payloads\">QQQ</tru:StockSymbol>";
+
+
+	@Test
+	public void testThatTheDefaultValueForAddInclusivePrefixesMatchesWss4JDefaultValue() {
+		Wss4jSecurityInterceptor subject = new Wss4jSecurityInterceptor();
+		RequestData requestData = new RequestData();
+		Boolean springDefault = (Boolean) ReflectionTestUtils.getField(subject, Wss4jSecurityInterceptor.class, "addInclusivePrefixes");
+		assertEquals("Spring-ws default for addInclusivePrefixes matches Wss4j default", requestData.isAddInclusivePrefixes(), springDefault);
+	}
+
+	@Test
+	public void testThatInitializeValidationRequestDataSetsInclusivePrefixesUsingDefaults() throws TransformerException, SOAPException {
+		Wss4jSecurityInterceptor subject = new Wss4jSecurityInterceptor();
+
+		Transformer transformer = TransformerFactoryUtils.newInstance().newTransformer();
+
+		SOAPMessage saajMessage = saajSoap11MessageFactory.createMessage();
+		transformer.transform(new StringSource(PAYLOAD), new DOMResult(saajMessage.getSOAPBody()));
+		SoapMessage message = new SaajSoapMessage(saajMessage, saajSoap11MessageFactory);
+		MessageContext messageContext = new DefaultMessageContext(message, new SaajSoapMessageFactory(saajSoap11MessageFactory));
+
+		RequestData validationData = ReflectionTestUtils.invokeMethod(subject, "initializeValidationRequestData", messageContext);
+
+		assertTrue(validationData.isAddInclusivePrefixes());
+	}
+
+
+	@Test
+	public void testThatInitializeValidationRequestDataSetsInclusivePrefixesUsingNotUsingInclusivePrefixes() throws TransformerException, SOAPException {
+		Wss4jSecurityInterceptor subject = new Wss4jSecurityInterceptor();
+		subject.setAddInclusivePrefixes(false);
+				Transformer transformer = TransformerFactoryUtils.newInstance().newTransformer();
+
+		SOAPMessage saajMessage = saajSoap11MessageFactory.createMessage();
+		transformer.transform(new StringSource(PAYLOAD), new DOMResult(saajMessage.getSOAPBody()));
+		SoapMessage message = new SaajSoapMessage(saajMessage, saajSoap11MessageFactory);
+		MessageContext messageContext = new DefaultMessageContext(message, new SaajSoapMessageFactory(saajSoap11MessageFactory));
+
+		RequestData validationData = ReflectionTestUtils.invokeMethod(subject, "initializeValidationRequestData", messageContext);
+
+		assertFalse(validationData.isAddInclusivePrefixes());
+	}
+}

spring-ws-support/.gitignore

@@ -3,4 +3,4 @@ target
 .classpath
 .project
 .settings
-
+data

spring-ws-support/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>org.springframework.ws</groupId>
 		<artifactId>spring-ws</artifactId>
-		<version>3.1.2-SNAPSHOT</version>
+		<version>3.1.3-SNAPSHOT</version>
 	</parent>
 
 	<artifactId>spring-ws-support</artifactId>

spring-ws-test/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>org.springframework.ws</groupId>
 		<artifactId>spring-ws</artifactId>
-		<version>3.1.2-SNAPSHOT</version>
+		<version>3.1.3-SNAPSHOT</version>
 	</parent>
 
 	<artifactId>spring-ws-test</artifactId>

spring-xml/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>org.springframework.ws</groupId>
 		<artifactId>spring-ws</artifactId>
-		<version>3.1.2-SNAPSHOT</version>
+		<version>3.1.3-SNAPSHOT</version>
 	</parent>
 
 	<artifactId>spring-xml</artifactId>