Posted to commits@cxf.apache.org by em...@apache.org on 2019/11/04 02:14:09 UTC
[cxf] branch master updated: [CXF-8140]:setAccessible(true) before reflection method java.security… (#592)
This is an automated email from the ASF dual-hosted git repository.
ema pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new 8df29be [CXF-8140]:setAccessible(true) before reflection method java.security… (#592)
8df29be is described below
commit 8df29be4ed1ed337f6cbd953b5523019ed92acec
Author: jimma <em...@apache.org>
AuthorDate: Mon Nov 4 10:13:59 2019 +0800
[CXF-8140]:setAccessible(true) before reflection method java.security… (#592)
* [CXF-8140]:setAccessible(true) before reflection method java.security.acl.Group#members invocation
* [CXF-8140]:Add test and log the AccessDenied exception
---
.../security/DefaultSecurityContext.java | 9 ++-
.../security/DefaultSecurityContextTest.java | 14 ++++
.../interceptor/security/test/GroupWrapper.java | 82 ++++++++++++++++++++++
3 files changed, 104 insertions(+), 1 deletion(-)
diff --git a/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java b/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
index 9d25b71..aa1a6da 100644
--- a/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
+++ b/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
@@ -24,9 +24,12 @@ import java.security.Principal;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
import javax.security.auth.Subject;
+import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.security.GroupPrincipal;
import org.apache.cxf.common.util.ReflectionUtil;
import org.apache.cxf.security.LoginSecurityContext;
@@ -37,7 +40,7 @@ import org.apache.cxf.security.LoginSecurityContext;
* Groups the principal is a member of
*/
public class DefaultSecurityContext implements LoginSecurityContext {
-
+ private static final Logger LOG = LogUtils.getL7dLogger(DefaultSecurityContext.class);
private static Class<?> javaGroup;
private static Class<?> karafGroup;
@@ -127,10 +130,14 @@ public class DefaultSecurityContext implements LoginSecurityContext {
Enumeration<? extends Principal> members;
try {
Method m = ReflectionUtil.getMethod(principal.getClass(), "members");
+ m.setAccessible(true);
@SuppressWarnings("unchecked")
Enumeration<? extends Principal> ms = (Enumeration<? extends Principal>)m.invoke(principal);
members = ms;
} catch (Exception e) {
+ if (LOG.isLoggable(Level.FINE)) {
+ LOG.fine("Unable to invoke memebers in " + principal.getName() + ":" + e.getMessage());
+ }
return false;
}
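Review bot: `m.setAccessible(true)` is called directly on a method looked up on whatever concrete class the principal has, so under a SecurityManager or strong module encapsulation it can throw, land in the `catch (Exception e)` below, and make the role check return false with only a FINE-level trace. If `members` can instead be resolved on the public group type the class already holds (`javaGroup`/`karafGroup` are declared above; the lookup logic is outside this hunk, so confirm), no access override is needed at all. In the catch block, `e.getMessage()` is usually null for an `InvocationTargetException`, and `principal.getName()` is concatenated into the log line unescaped. Passing the exception and logging the class instead keeps the cause and keeps caller-influenced text out of the log: `LOG.log(Level.FINE, "Unable to invoke members() on " + principal.getClass().getName(), e);`, which also fixes the "memebers" typo. The enclosing method starts and ends outside the hunk.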
diff --git a/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java b/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java
index 3a80cfc..f4faf7d 100644
--- a/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java
+++ b/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java
@@ -27,6 +27,7 @@ import javax.security.auth.Subject;
import org.apache.cxf.common.security.GroupPrincipal;
import org.apache.cxf.common.security.SimpleGroup;
import org.apache.cxf.common.security.SimplePrincipal;
+import org.apache.cxf.interceptor.security.test.GroupWrapper;
import org.apache.cxf.security.LoginSecurityContext;
import org.junit.Test;
@@ -117,5 +118,18 @@ public class DefaultSecurityContextTest {
assertFalse(context.isUserInRole("family"));
assertFalse(context.isUserInRole("Barry"));
}
+
+ @Test
+ public void testPrivateStaticGroup() {
+ Subject s = new Subject();
+ Principal p = new SimplePrincipal("Barry");
+ s.getPrincipals().add(p);
+ //create a friend group and add Barry to this group
+ GroupWrapper test = new GroupWrapper("friend", "Barry");
+ s.getPrincipals().add(test.getGroup());
+ LoginSecurityContext context = new DefaultSecurityContext(p, s);
+ assertTrue(context.isUserInRole("Barry"));
+ }
+
}
\ No newline at end of file
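Review bot: `testPrivateStaticGroup` has only a positive assertion, so it would still pass if the membership check granted every role once the reflective `members` call succeeds. Adding `assertFalse(context.isUserInRole("family"));` after the `assertTrue` would pin the deny case for the newly accessible path. The comment says Barry is added to the "friend" group while the assertion checks role "Barry"; a comment such as `// "Barry" matches only through the group's members(), the reflective path under test` would explain the choice. That reading is inferred, because the role-check code is not shown on this page. The hunk opens inside the preceding test method.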
diff --git a/core/src/test/java/org/apache/cxf/interceptor/security/test/GroupWrapper.java b/core/src/test/java/org/apache/cxf/interceptor/security/test/GroupWrapper.java
new file mode 100644
index 0000000..445e298
--- /dev/null
+++ b/core/src/test/java/org/apache/cxf/interceptor/security/test/GroupWrapper.java
@@ -0,0 +1,82 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.interceptor.security.test;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.cxf.common.security.SimplePrincipal;
+
+public class GroupWrapper {
+
+ private Principal group;
+
+ public GroupWrapper(String groupName, String userName) {
+ SimpleGroup simpeG = new SimpleGroup(groupName);
+ simpeG.addMember(new SimplePrincipal(userName));
+ group = simpeG;
+
+ }
+
+ public Principal getGroup() {
+ return this.group;
+ }
+
+
+
+ private static class SimpleGroup implements Group {
+ private String name;
+ private final Set<Principal> principals;
+
+ SimpleGroup(String name) {
+ this.name = name;
+ this.principals = new HashSet<>();
+ }
+
+ @Override
+ public String getName() {
+ return this.name;
+ }
+
+ @Override
+ public boolean addMember(Principal principal) {
+ return this.principals.add(principal);
+ }
+
+ @Override
+ public boolean removeMember(Principal principal) {
+ return this.principals.remove(principal);
+ }
+
+ @Override
+ public Enumeration<? extends Principal> members() {
+ return Collections.enumeration(this.principals);
+ }
+
+ @Override
+ public boolean isMember(Principal principal) {
+ return this.principals.contains(principal);
+ }
+ }
+
+}
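Review bot: `GroupWrapper` has no class comment saying that the nested `SimpleGroup` is deliberately `private static`, which is the whole reason the fixture exists. A Javadoc such as `/** Exposes a Group whose implementing class is not accessible to callers, to exercise reflective members() lookup. */` would stop a later cleanup from making it public and silently hollowing out the test. The fixture also compiles directly against `java.security.acl.Group`, which is deprecated for removal and absent from newer JDKs, so this test source will not build there even if the main code only reaches that type reflectively. Minor style: `simpeG` is a typo for `simpleG`, and `name` and `group` can be `final`.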