You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by cs...@apache.org on 2011/01/04 08:28:15 UTC
svn commit: r1054926 - in /cxf/trunk:
rt/transports/http/src/main/java/org/apache/cxf/transport/http/
rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/
rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/
rt/transpo...
Author: cschneider
Date: Tue Jan 4 07:28:14 2011
New Revision: 1054926
URL: http://svn.apache.org/viewvc?rev=1054926&view=rev
Log:
CXF-3216 Moving http auth classes to as separate package. changing HttpAuthSupplier to an interface and making it simpler. Note: This makes HttpAuthSupplier incompatible with the old style.
Added:
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DefaultBasicAuthSupplier.java
- copied, changed from r1052233, cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DefaultBasicAuthSupplier.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DigestAuthSupplier.java
- copied, changed from r1052233, cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/HttpAuthHeader.java
- copied, changed from r1052233, cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HttpAuthHeader.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/HttpAuthSupplier.java
- copied, changed from r1051955, cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HttpAuthSupplier.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/SpnegoAuthSupplier.java
- copied, changed from r1052233, cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/SpnegoAuthSupplier.java
Removed:
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DefaultBasicAuthSupplier.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HttpAuthHeader.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HttpAuthSupplier.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HttpBasicAuthSupplier.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HttpSpnegoAuthInterceptor.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/SpnegoAuthSupplier.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpBasicAuthSupplierBeanDefinitionParser.java
Modified:
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpAuthSupplierBeanDefinitionParser.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/NamespaceHandler.java
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/DigestAuthSupplierTest.java
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HttpAuthHeaderTest.java
cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java
Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java?rev=1054926&r1=1054925&r2=1054926&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java (original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java Tue Jan 4 07:28:14 2011
@@ -64,6 +64,11 @@ import org.apache.cxf.phase.PhaseInterce
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.transport.AbstractConduit;
import org.apache.cxf.transport.MessageObserver;
+import org.apache.cxf.transport.http.auth.DefaultBasicAuthSupplier;
+import org.apache.cxf.transport.http.auth.DigestAuthSupplier;
+import org.apache.cxf.transport.http.auth.HttpAuthHeader;
+import org.apache.cxf.transport.http.auth.HttpAuthSupplier;
+import org.apache.cxf.transport.http.auth.SpnegoAuthSupplier;
import org.apache.cxf.transport.http.policy.PolicyUtils;
import org.apache.cxf.transport.https.CertConstraints;
import org.apache.cxf.transport.https.CertConstraintsInterceptor;
@@ -236,9 +241,16 @@ public class HTTPConduit
private MessageTrustDecider trustDecider;
/**
- * This field contains the HttpAuthSupplier.
+ * Implements the authentication handling when talking to a server. If it is not set
+ * it will be created from the authorizationPolicy.authType
*/
private HttpAuthSupplier authSupplier;
+
+ /**
+ * Implements the proxy authentication handling. If it is not set
+ * it will be created from the proxyAuthorizationPolicy.authType
+ */
+ private HttpAuthSupplier proxyAuthSupplier;
private Cookies cookies;
@@ -361,8 +373,6 @@ public class HTTPConduit
} else {
LOG.log(Level.FINE, "HttpAuthSupplier of class '"
+ authSupplier.getClass().getName()
- + "' with logical name of '"
- + authSupplier.getLogicalName()
+ "' has been configured for Conduit '"
+ getConduitName()
+ "'");
@@ -471,8 +481,11 @@ public class HTTPConduit
int chunkThreshold = 0;
final AuthorizationPolicy effectiveAuthPolicy = getEffectiveAuthPolicy(message);
if (this.authSupplier == null) {
- String authType = effectiveAuthPolicy.getAuthorizationType();
- this.authSupplier = createAuthSupplier(authType);
+ this.authSupplier = createAuthSupplier(effectiveAuthPolicy.getAuthorizationType());
+ }
+
+ if (this.proxyAuthSupplier == null) {
+ this.proxyAuthSupplier = createAuthSupplier(proxyAuthorizationPolicy.getAuthorizationType());
}
if (this.authSupplier.requiresRequestCaching()) {
@@ -727,26 +740,16 @@ public class HTTPConduit
URL url
) {
Headers headers = new Headers(message);
- String authString = authSupplier.getPreemptiveAuthorization(this, url, message);
+ AuthorizationPolicy effectiveAuthPolicy = getEffectiveAuthPolicy(message);
+ String authString = authSupplier.getAuthorization(effectiveAuthPolicy, url, message, null);
if (authString != null) {
headers.setAuthorization(authString);
}
- // TODO Also use an authSupplier for proxy auth
- AuthorizationPolicy proxyAuthPolicy = getProxyAuthorization();
- if (proxyAuthPolicy != null && proxyAuthPolicy.isSetUserName()) {
- String userName = proxyAuthPolicy.getUserName();
- if (userName != null) {
- String passwd = "";
- if (proxyAuthPolicy.isSetPassword()) {
- passwd = proxyAuthPolicy.getPassword();
- }
- headers.setProxyAuthorization(HttpBasicAuthSupplier.getBasicAuthHeader(userName, passwd));
- } else if (proxyAuthPolicy.isSetAuthorizationType()
- && proxyAuthPolicy.isSetAuthorization()) {
- headers.setProxyAuthorization(proxyAuthPolicy.getAuthorizationType() + " "
- + proxyAuthPolicy.getAuthorization());
- }
+ String proxyAuthString = authSupplier.getAuthorization(proxyAuthorizationPolicy,
+ url, message, null);
+ if (proxyAuthString != null) {
+ headers.setProxyAuthorization(proxyAuthString);
}
}
@@ -906,6 +909,14 @@ public class HTTPConduit
this.authSupplier = supplier;
}
+ public HttpAuthSupplier getProxyAuthSupplier() {
+ return proxyAuthSupplier;
+ }
+
+ public void setProxyAuthSupplier(HttpAuthSupplier proxyAuthSupplier) {
+ this.proxyAuthSupplier = proxyAuthSupplier;
+ }
+
/**
* This function processes any retransmits at the direction of redirections
* or "unauthorized" responses.
@@ -1002,27 +1013,17 @@ public class HTTPConduit
CacheAndWriteOutputStream cachedStream
) throws IOException {
HttpAuthHeader authHeader = new HttpAuthHeader(connection.getHeaderField("WWW-Authenticate"));
- // If we don't have a dynamic supply of user pass, then
- // we don't retransmit. We just die with a Http 401 response.
- if (authSupplier == null) {
- if (authHeader.authTypeIsDigest()) {
- authSupplier = new DigestAuthSupplier();
- } else {
- return connection;
- }
- }
-
URL currentURL = connection.getURL();
String realm = authHeader.getRealm();
detectAuthorizationLoop(getConduitName(), message, currentURL, realm);
+ AuthorizationPolicy effectiveAthPolicy = getEffectiveAuthPolicy(message);
String authorizationToken =
- authSupplier.getAuthorizationForRealm(
- this, currentURL, message, realm, authHeader.getFullHeader());
+ authSupplier.getAuthorization(
+ effectiveAthPolicy, currentURL, message, authHeader.getFullHeader());
if (authorizationToken == null) {
// authentication not possible => we give up
return connection;
}
-
new Headers(message).setAuthorization(authorizationToken);
cookies.writeToMessageHeaders(message);
connection.disconnect();
@@ -1628,11 +1629,6 @@ public class HTTPConduit
return PolicyUtils.HTTPCLIENTPOLICY_ASSERTION_QNAME.equals(type);
}
- @Deprecated
- public void setBasicAuthSupplier(HttpBasicAuthSupplier basicAuthSupplier) {
- setAuthSupplier(basicAuthSupplier);
- }
-
public void propertyChange(PropertyChangeEvent evt) {
if (evt.getSource() == clientSidePolicy
&& "decoupledEndpoint".equals(evt.getPropertyName())) {
Copied: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DefaultBasicAuthSupplier.java (from r1052233, cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DefaultBasicAuthSupplier.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DefaultBasicAuthSupplier.java?p2=cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DefaultBasicAuthSupplier.java&p1=cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DefaultBasicAuthSupplier.java&r1=1052233&r2=1054926&rev=1054926&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DefaultBasicAuthSupplier.java (original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DefaultBasicAuthSupplier.java Tue Jan 4 07:28:14 2011
@@ -16,34 +16,38 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.cxf.transport.http;
+package org.apache.cxf.transport.http.auth;
import java.net.URL;
+import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.message.Message;
-final class DefaultBasicAuthSupplier extends HttpAuthSupplier {
- DefaultBasicAuthSupplier() {
+public final class DefaultBasicAuthSupplier implements HttpAuthSupplier {
+ public DefaultBasicAuthSupplier() {
super();
}
- @Override
- public String getPreemptiveAuthorization(HTTPConduit conduit, URL currentURL, Message message) {
- AuthorizationPolicy effectiveAuthPolicy = conduit.getEffectiveAuthPolicy(message);
- if (effectiveAuthPolicy.getUserName() != null && effectiveAuthPolicy.getPassword() != null) {
- return HttpBasicAuthSupplier.getBasicAuthHeader(effectiveAuthPolicy.getUserName(),
- effectiveAuthPolicy.getPassword());
+ public boolean requiresRequestCaching() {
+ return false;
+ }
+
+ public static String getBasicAuthHeader(String userName, String passwd) {
+ String userAndPass = userName + ":" + passwd;
+ return "Basic " + Base64Utility.encode(userAndPass.getBytes());
+ }
+
+ public String getAuthorization(AuthorizationPolicy authPolicy,
+ URL currentURL,
+ Message message,
+ String fullHeader) {
+ if (authPolicy.getUserName() != null && authPolicy.getPassword() != null) {
+ return getBasicAuthHeader(authPolicy.getUserName(),
+ authPolicy.getPassword());
} else {
return null;
}
}
- @Override
- public String getAuthorizationForRealm(HTTPConduit conduit, URL currentURL, Message message,
- String realm, String fullHeader) {
- return getPreemptiveAuthorization(conduit, currentURL, message);
- }
-
-
}
\ No newline at end of file
Copied: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DigestAuthSupplier.java (from r1052233, cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DigestAuthSupplier.java?p2=cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DigestAuthSupplier.java&p1=cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java&r1=1052233&r2=1054926&rev=1054926&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java (original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DigestAuthSupplier.java Tue Jan 4 07:28:14 2011
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.cxf.transport.http;
+package org.apache.cxf.transport.http.auth;
import java.io.UnsupportedEncodingException;
import java.net.URL;
@@ -33,7 +33,7 @@ import org.apache.cxf.message.Message;
/**
*
*/
-public class DigestAuthSupplier extends HttpAuthSupplier {
+public class DigestAuthSupplier implements HttpAuthSupplier {
private static final char[] HEXADECIMAL = {
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
};
@@ -60,11 +60,23 @@ public class DigestAuthSupplier extends
return true;
}
- @Override
- public String getAuthorizationForRealm(HTTPConduit conduit, URL currentURL,
- Message message,
- String realm, String fullHeader) {
- AuthorizationPolicy authPolicy = conduit.getEffectiveAuthPolicy(message);
+ public String getAuthorization(AuthorizationPolicy authPolicy,
+ URL currentURL,
+ Message message,
+ String fullHeader) {
+ if (fullHeader == null) {
+ DigestInfo di = authInfo.get(currentURL);
+ if (di != null) {
+ /* Preemptive authentication is only possible if we have a cached
+ * challenge
+ */
+ return di.generateAuth(currentURL.getFile(),
+ authPolicy.getUserName(),
+ authPolicy.getPassword());
+ } else {
+ return null;
+ }
+ }
HttpAuthHeader authHeader = new HttpAuthHeader(fullHeader);
if (authHeader.authTypeIsDigest() && authPolicy != null) {
Map<String, String> map = authHeader.getParams();
@@ -95,17 +107,6 @@ public class DigestAuthSupplier extends
}
return null;
}
- @Override
- public String getPreemptiveAuthorization(HTTPConduit conduit, URL currentURL, Message message) {
- DigestInfo di = authInfo.get(currentURL);
- AuthorizationPolicy authPolicy = conduit.getEffectiveAuthPolicy(message);
- if (di != null) {
- return di.generateAuth(currentURL.getFile(),
- authPolicy.getUserName(),
- authPolicy.getPassword());
- }
- return null;
- }
public String createCnonce() throws UnsupportedEncodingException {
String cnonce = Long.toString(System.currentTimeMillis());
Copied: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/HttpAuthHeader.java (from r1052233, cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HttpAuthHeader.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/HttpAuthHeader.java?p2=cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/HttpAuthHeader.java&p1=cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HttpAuthHeader.java&r1=1052233&r2=1054926&rev=1054926&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HttpAuthHeader.java (original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/HttpAuthHeader.java Tue Jan 4 07:28:14 2011
@@ -16,7 +16,7 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.cxf.transport.http;
+package org.apache.cxf.transport.http.auth;
import java.io.IOException;
import java.io.StreamTokenizer;
Copied: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/HttpAuthSupplier.java (from r1051955, cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HttpAuthSupplier.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/HttpAuthSupplier.java?p2=cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/HttpAuthSupplier.java&p1=cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HttpAuthSupplier.java&r1=1051955&r2=1054926&rev=1054926&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HttpAuthSupplier.java (original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/HttpAuthSupplier.java Tue Jan 4 07:28:14 2011
@@ -17,21 +17,15 @@
* under the License.
*/
-package org.apache.cxf.transport.http;
+package org.apache.cxf.transport.http.auth;
import java.net.URL;
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.message.Message;
/**
- * This abstract class is extended by developers who need HTTP Auth
- * functionality on the client side. It supplies Authorization
- * information to an HTTPConduit.
- * <p>
- * The HTTPConduit will make a call to getPreemptiveAuthorization before
- * an HTTP request is made. The HTTPConduit will call on
- * getAuthorizationForRealm upon getting a 401 HTTP Response with a
- * "WWW-Authenticate: Basic realm=????" header.
+ * Supplies Authorization information to an HTTPConduit.
* <p>
* A HTTPConduit keeps a reference to this HttpAuthSupplier for the life
* of the HTTPConduit, unless changed out by dynamic configuration.
@@ -40,89 +34,30 @@ import org.apache.cxf.message.Message;
* <p>
* For instance, an implementation may not provide a Authorization preemptively for
* a particular URL and decide to get the realm information from
- * a 401 response in which the HTTPConduit will call getAuthorizationForReam for
+ * a 401 response in which the HTTPConduit will call getAuthorization for
* that URL. Then this implementation may provide the Authorization for this
- * particular URL preemptively for subsequent calls to getPreemptiveAuthorization.
+ * particular URL preemptively for subsequent calls to getAuthorization.
*/
-public abstract class HttpAuthSupplier {
-
- /**
- * This field contains the logical name of this HttpBasicAuthSuppler.
- * This field is not assigned to be final, since an extension may be
- * Spring initialized as a bean, have an appropriate setLogicalName
- * method, and set this field.
- */
- protected String logicalName;
-
- /**
- * The default constructor assigns the class name as the LogicalName.
- *
- */
- protected HttpAuthSupplier() {
- logicalName = this.getClass().getName();
- }
-
- /**
- * This constructor assigns the LogicalName of this HttpBasicAuthSupplier.
- *
- * @param name The Logical Name.
- */
- protected HttpAuthSupplier(String name) {
- logicalName = name;
- }
-
- /**
- * This method returns the LogicalName of this HttpBasicAuthSupplier.
- */
- public String getLogicalName() {
- return logicalName;
- }
-
+public interface HttpAuthSupplier {
+
/**
* If the supplier requires the request to be cached to be resent, return true
*/
- public boolean requiresRequestCaching() {
- return false;
- }
-
- /**
- * The HTTPConduit makes a call to this method before connecting
- * to the server behind a particular URL. If this implementation does not
- * have a Authorization for this URL, it should return null.
- *
- * @param conduit The HTTPConduit making the call.
- * @param currentURL The URL to which the request is to be made.
- * @param message The CXF Message.
- *
- * @return This method returns null if no Authorization is available.
- */
- public abstract String getPreemptiveAuthorization(
- HTTPConduit conduit,
- URL currentURL,
- Message message);
+ boolean requiresRequestCaching();
/**
- * The HTTPConduit makes a call to this method if it
- * receives a 401 response to a particular URL for
- * a given message. The realm information is taken
- * from the "WWW-Authenticate: ???? realm=?????"
- * header. The current message may be retransmitted
- * if this call returns a Authorization. The current message will
- * fail with a 401 if null is returned. If no Authorization is available
- * for this particular URL, realm, and message, then null
- * should be returned.
+ * The HTTPConduit makes a call to this method to obtain
+ * an Authentication token for http authentication.
*
- * @param conduit The conduit making the call.
- * @param currentURL The current URL from which the reponse came.
- * @param message The CXF Message.
- * @param realm The realm extraced from the basic auth header.
- * @param fullHeader The full WWW-Authenticate header
- * @return
- */
- public abstract String getAuthorizationForRealm(
- HTTPConduit conduit,
- URL currentURL,
+ * @param authPolicy credentials for the authentication
+ * @param url The URL we want to connect to
+ * @param message The CXF Message
+ * @param fullHeader The full WWW-Authenticate header or null if preemptive auth
+ * @return token for Authenticate string or null if authentication is not possible
+ */
+ String getAuthorization(
+ AuthorizationPolicy authPolicy,
+ URL url,
Message message,
- String realm,
String fullHeader);
}
Copied: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/SpnegoAuthSupplier.java (from r1052233, cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/SpnegoAuthSupplier.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/SpnegoAuthSupplier.java?p2=cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/SpnegoAuthSupplier.java&p1=cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/SpnegoAuthSupplier.java&r1=1052233&r2=1054926&rev=1054926&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/SpnegoAuthSupplier.java (original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/SpnegoAuthSupplier.java Tue Jan 4 07:28:14 2011
@@ -16,7 +16,7 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.cxf.transport.http;
+package org.apache.cxf.transport.http.auth;
import java.net.URL;
import java.security.PrivilegedActionException;
@@ -42,17 +42,22 @@ import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
-public class SpnegoAuthSupplier extends HttpAuthSupplier {
+public class SpnegoAuthSupplier implements HttpAuthSupplier {
private static final String KERBEROS_OID = "1.2.840.113554.1.2.2";
//private static final String SPNEGO_OID = "1.3.6.1.5.5.2";
- private static final Logger LOG = LogUtils.getL7dLogger(HTTPConduit.class);
+ private static final Logger LOG = LogUtils.getL7dLogger(SpnegoAuthSupplier.class);
private LoginContext lc;
+
+ public boolean requiresRequestCaching() {
+ return false;
+ }
- @Override
- public String getPreemptiveAuthorization(HTTPConduit conduit, URL currentURL, Message message) {
- AuthorizationPolicy authPolicy = conduit.getEffectiveAuthPolicy(message);
+ public String getAuthorization(AuthorizationPolicy authPolicy,
+ URL currentURL,
+ Message message,
+ String fullHeader) {
if (!HttpAuthHeader.AUTH_TYPE_NEGOTIATE.equals(authPolicy.getAuthorizationType())) {
return null;
}
@@ -68,12 +73,6 @@ public class SpnegoAuthSupplier extends
}
}
- @Override
- public String getAuthorizationForRealm(HTTPConduit conduit, URL currentURL, Message message,
- String realm, String fullHeader) {
- return getPreemptiveAuthorization(conduit, currentURL, message);
- }
-
/**
* Create and return service ticket token
*
@@ -169,4 +168,5 @@ public class SpnegoAuthSupplier extends
};
return handler;
}
+
}
Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpAuthSupplierBeanDefinitionParser.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpAuthSupplierBeanDefinitionParser.java?rev=1054926&r1=1054925&r2=1054926&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpAuthSupplierBeanDefinitionParser.java (original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpAuthSupplierBeanDefinitionParser.java Tue Jan 4 07:28:14 2011
@@ -22,7 +22,7 @@ package org.apache.cxf.transport.http.sp
import org.w3c.dom.Element;
import org.apache.cxf.configuration.spring.AbstractBeanDefinitionParser;
-import org.apache.cxf.transport.http.HttpAuthSupplier;
+import org.apache.cxf.transport.http.auth.HttpAuthSupplier;
public class HttpAuthSupplierBeanDefinitionParser extends
AbstractBeanDefinitionParser {
Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java?rev=1054926&r1=1054925&r2=1054926&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java (original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java Tue Jan 4 07:28:14 2011
@@ -34,8 +34,8 @@ import org.apache.cxf.configuration.secu
import org.apache.cxf.configuration.spring.AbstractBeanDefinitionParser;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.transport.http.HTTPConduit;
-import org.apache.cxf.transport.http.HttpAuthSupplier;
import org.apache.cxf.transport.http.MessageTrustDecider;
+import org.apache.cxf.transport.http.auth.HttpAuthSupplier;
import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.ParserContext;
Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/NamespaceHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/NamespaceHandler.java?rev=1054926&r1=1054925&r2=1054926&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/NamespaceHandler.java (original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/NamespaceHandler.java Tue Jan 4 07:28:14 2011
@@ -27,9 +27,7 @@ public class NamespaceHandler extends Na
registerBeanDefinitionParser("trustDecider",
new MessageTrustDeciderBeanDefinitionParser());
registerBeanDefinitionParser("authSupplier",
- new HttpAuthSupplierBeanDefinitionParser());
- registerBeanDefinitionParser("basicAuthSupplier",
- new HttpBasicAuthSupplierBeanDefinitionParser());
+ new HttpAuthSupplierBeanDefinitionParser());
registerBeanDefinitionParser("destination",
new HttpDestinationBeanDefinitionParser());
}
Modified: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/DigestAuthSupplierTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/DigestAuthSupplierTest.java?rev=1054926&r1=1054925&r2=1054926&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/DigestAuthSupplierTest.java (original)
+++ cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/DigestAuthSupplierTest.java Tue Jan 4 07:28:14 2011
@@ -27,6 +27,8 @@ import java.util.Map;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.transport.http.auth.DigestAuthSupplier;
+import org.apache.cxf.transport.http.auth.HttpAuthHeader;
import org.easymock.classextension.EasyMock;
import org.easymock.classextension.IMocksControl;
@@ -71,18 +73,15 @@ public class DigestAuthSupplierTest {
};
IMocksControl control = EasyMock.createControl();
- HTTPConduit conduit = control.createMock(HTTPConduit.class);
AuthorizationPolicy authorizationPolicy = new AuthorizationPolicy();
authorizationPolicy.setUserName("testUser");
authorizationPolicy.setPassword("testPassword");
-
- EasyMock.expect(conduit.getEffectiveAuthPolicy(EasyMock.isA(Message.class)))
- .andReturn(authorizationPolicy).atLeastOnce();
URL url = new URL("http://myserver");
Message message = new MessageImpl();
control.replay();
+
String authToken = authSupplier
- .getAuthorizationForRealm(conduit, url, message, "myRealm", fullHeader);
+ .getAuthorization(authorizationPolicy, url, message, fullHeader);
HttpAuthHeader authHeader = new HttpAuthHeader(authToken);
assertEquals("Digest", authHeader.getAuthType());
Map<String, String> params = authHeader.getParams();
Modified: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java?rev=1054926&r1=1054925&r2=1054926&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java (original)
+++ cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java Tue Jan 4 07:28:14 2011
@@ -35,6 +35,7 @@ import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageImpl;
import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.transport.http.auth.HttpAuthSupplier;
import org.apache.cxf.ws.addressing.EndpointReferenceType;
import org.apache.cxf.wsdl.EndpointReferenceUtils;
@@ -68,20 +69,16 @@ public class HTTPConduitTest extends Ass
return message;
}
- /**
- * This test class is a Basic Auth Supplier with a
- * preemptive UserPass.
- */
- class BasicAuthSupplier extends HttpBasicAuthSupplier {
- public UserPass getPreemptiveUserPass(
- String conduitName, URL url, Message m) {
- return createUserPass("Gandalf", "staff");
- }
- public UserPass getUserPassForRealm(
- String conduitName, URL url, Message m, String r) {
- return null;
+ private final class TestAuthSupplier implements HttpAuthSupplier {
+
+ public String getAuthorization(AuthorizationPolicy authPolicy, URL currentURL, Message message,
+ String fullHeader) {
+ return "myauth";
}
+ public boolean requiresRequestCaching() {
+ return false;
+ }
}
/**
@@ -200,7 +197,7 @@ public class HTTPConduitTest extends Ass
headers.get("Authorization").get(0));
// Setting a Basic Auth User Pass should override
- conduit.setAuthSupplier(new BasicAuthSupplier());
+ conduit.setAuthSupplier(new TestAuthSupplier());
message = getNewMessage();
// Test Call
@@ -208,10 +205,9 @@ public class HTTPConduitTest extends Ass
headers =
CastUtils.cast((Map<?, ?>)message.get(Message.PROTOCOL_HEADERS));
-
- assertEquals("Unexpected Authorization Token",
- "Basic " + Base64Utility.encode("Gandalf:staff".getBytes()),
- headers.get("Authorization").get(0));
+ List<String> authorization = headers.get("Authorization");
+ assertNotNull("Authorization Token must be set", authorization);
+ assertEquals("Wrong Authorization Token", "myauth", authorization.get(0));
conduit.setAuthSupplier(null);
// Setting authorization policy on the message should override
Modified: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HttpAuthHeaderTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HttpAuthHeaderTest.java?rev=1054926&r1=1054925&r2=1054926&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HttpAuthHeaderTest.java (original)
+++ cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HttpAuthHeaderTest.java Tue Jan 4 07:28:14 2011
@@ -21,6 +21,8 @@ package org.apache.cxf.transport.http;
import java.util.HashMap;
import java.util.Map;
+import org.apache.cxf.transport.http.auth.HttpAuthHeader;
+
import org.junit.Test;
import static org.junit.Assert.assertEquals;
Modified: cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java?rev=1054926&r1=1054925&r2=1054926&view=diff
==============================================================================
--- cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java (original)
+++ cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java Tue Jan 4 07:28:14 2011
@@ -52,10 +52,11 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.transport.http.HTTPConduit;
-import org.apache.cxf.transport.http.HttpAuthSupplier;
import org.apache.cxf.transport.http.MessageTrustDecider;
import org.apache.cxf.transport.http.URLConnectionInfo;
import org.apache.cxf.transport.http.UntrustedURLConnectionIOException;
+import org.apache.cxf.transport.http.auth.HttpAuthHeader;
+import org.apache.cxf.transport.http.auth.HttpAuthSupplier;
import org.apache.cxf.transport.https.HttpsURLConnectionInfo;
@@ -742,7 +743,7 @@ public class HTTPConduitTest extends Abs
}
- public class MyBasicAuthSupplier extends HttpAuthSupplier {
+ public class MyBasicAuthSupplier implements HttpAuthSupplier {
String realm;
String user;
@@ -759,27 +760,18 @@ public class HTTPConduitTest extends Abs
user = u;
pass = p;
}
- @Override
- public String getPreemptiveAuthorization(
- HTTPConduit conduit,
- URL currentURL,
- Message message
- ) {
- return null;
- }
/**
* If we don't have the realm set, then we loop
* through the realms.
*/
- @Override
- public String getAuthorizationForRealm(
- HTTPConduit conduit,
+ public String getAuthorization(
+ AuthorizationPolicy authPolicy,
URL currentURL,
- Message message,
- String reqestedRealm,
+ Message message,
String fullHeader
) {
+ String reqestedRealm = new HttpAuthHeader(fullHeader).getRealm();
if (realm != null && realm.equals(reqestedRealm)) {
return createUserPass(user, pass);
}
@@ -804,6 +796,10 @@ public class HTTPConduitTest extends Abs
return "Basic " + token;
}
+ public boolean requiresRequestCaching() {
+ return false;
+ }
+
}
/**