You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by as...@apache.org on 2013/07/15 11:51:17 UTC
svn commit: r1503156 - in
/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security:
SecurityConstants.java wss4j/WSS4JInInterceptor.java
Author: ashakirin
Date: Mon Jul 15 09:51:17 2013
New Revision: 1503156
URL: http://svn.apache.org/r1503156
Log:
[CXF-5126] Fix creation of SecurityContext from JAAS Subject for Kerberos
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1503156&r1=1503155&r2=1503156&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Mon Jul 15 09:51:17 2013
@@ -454,6 +454,13 @@ public final class SecurityConstants {
*/
public static final String MUST_UNDERSTAND = "ws-security.must-understand";
+ /**
+ * Set this to "false" if security context must not be created from JAAS Subject.
+ *
+ * The default value is "true".
+ */
+ public static final String SC_FROM_JAAS_SUBJECT = "ws-security.sc.jaas-subject";
+
//
// Internal tags
//
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1503156&r1=1503155&r2=1503156&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Mon Jul 15 09:51:17 2013
@@ -34,6 +34,7 @@ import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.kerberos.KerberosPrincipal;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
@@ -457,7 +458,9 @@ public class WSS4JInInterceptor extends
}
final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
final Subject subject = (Subject)o.get(WSSecurityEngineResult.TAG_SUBJECT);
- if (subject != null) {
+ final boolean useJAASSubject = MessageUtils
+ .getContextualBoolean(msg, SecurityConstants.SC_FROM_JAAS_SUBJECT, true);
+ if ((subject != null) && !(p instanceof KerberosPrincipal) && useJAASSubject) {
String roleClassifier =
(String)msg.getContextualProperty(SecurityConstants.SUBJECT_ROLE_CLASSIFIER);
if (roleClassifier != null && !"".equals(roleClassifier)) {