Posted to commits@cxf.apache.org by dk...@apache.org on 2013/02/06 20:04:24 UTC

svn commit: r1443132 - in /cxf/trunk: rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java

Author: dkulp
Date: Wed Feb  6 19:04:24 2013
New Revision: 1443132

URL: http://svn.apache.org/viewvc?rev=1443132&view=rev
Log:
[CXF-4815] Only return the auth creds once

Modified:
    cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java

Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java?rev=1443132&r1=1443131&r2=1443132&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java (original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java Wed Feb  6 19:04:24 2013
@@ -97,10 +97,18 @@ public class CXFAuthenticator extends Au
                     }
                 } else if (getRequestorType() == RequestorType.SERVER
                     && httpConduit.getAuthorization() != null) {
+                    
+                    if (m.containsKey(PasswordAuthentication.class.getName())
+                        && ("basic".equals(getRequestingScheme())
+                            || "digest".equals(getRequestingScheme()))) {
+                        return null;
+                    }
+                    
                     String un = httpConduit.getAuthorization().getUserName();
                     String pwd =  httpConduit.getAuthorization().getPassword();
                     if (un != null && pwd != null) {
                         auth = new PasswordAuthentication(un, pwd.toCharArray());
+                        m.put(PasswordAuthentication.class.getName(), Boolean.TRUE);
                     }
                 }
             }
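Review bot: The scheme test in the added guard, `"basic".equals(getRequestingScheme())` and the matching `"digest"` check, is case-sensitive, while HTTP authentication scheme names are case-insensitive; if the value ever arrives as `Basic` or `Digest`, the guard is skipped and the same rejected credentials are handed back on every challenge. Whether the JDK lower-cases the scheme before it reaches the Authenticator is not visible here, so `"basic".equalsIgnoreCase(getRequestingScheme())` (and likewise for digest) is the safer form and is still null-safe. The guard would also benefit from a comment such as `// credentials were already offered once and rejected; returning null stops the JDK resending them`. The map `m` and the enclosing method are declared outside the hunk, so the lifetime of the marker (and whether a later, unrelated challenge on the same map would also be refused) cannot be confirmed from these lines.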

Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java?rev=1443132&r1=1443131&r2=1443132&view=diff
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java (original)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java Wed Feb  6 19:04:24 2013
@@ -24,6 +24,7 @@ import java.util.Collections;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
 
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
 import org.apache.cxf.jaxrs.client.WebClient;
 
 import org.junit.BeforeClass;
@@ -64,9 +65,15 @@ public class JAXRSJaasSecurityTest exten
         String endpointAddress =
             "http://localhost:" + PORT + "/service/jaas2/bookstorestorage/thosebooks/123"; 
         WebClient wc = WebClient.create(endpointAddress);
+        AuthorizationPolicy pol = new AuthorizationPolicy();
+        pol.setUserName("foo");
+        pol.setPassword("bar1");
+        WebClient.getConfig(wc).getHttpConduit().setAuthorization(pol);
+        
         wc.accept("text/xml");
-        wc.header(HttpHeaders.AUTHORIZATION, 
-                  "Basic " + base64Encode("foo" + ":" + "bar1"));
+        
+        //wc.header(HttpHeaders.AUTHORIZATION, 
+        //          "Basic " + base64Encode("foo" + ":" + "bar1"));
         Response r = wc.get();
         assertEquals(401, r.getStatus());
         Object wwwAuthHeader = r.getMetadata().getFirst(HttpHeaders.WWW_AUTHENTICATE);
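Review bot: The previous header-based setup is left behind as commented-out code (`//wc.header(HttpHeaders.AUTHORIZATION,` and the line after it); delete both lines, since the revision history already records the old form. In their place a short why-comment on the new setup would help, for example `// supply the credentials through the conduit's AuthorizationPolicy so the 401 goes through CXFAuthenticator`. The test method begins before this hunk and continues after it, so any further assertions on the retry behaviour are not visible here.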