Posted to commits@cxf.apache.org by se...@apache.org on 2011/02/11 17:07:30 UTC
svn commit: r1069856 - in /cxf/branches/2.3.x-fixes: ./
api/src/main/java/org/apache/cxf/security/
rt/core/src/main/java/org/apache/cxf/interceptor/security/
rt/core/src/test/java/org/apache/cxf/interceptor/security/
rt/ws/security/src/main/java/org/ap...
Author: sergeyb
Date: Fri Feb 11 16:07:30 2011
New Revision: 1069856
URL: http://svn.apache.org/viewvc?rev=1069856&view=rev
Log:
Merged revisions 1069130 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1069130 | sergeyb | 2011-02-09 21:56:04 +0000 (Wed, 09 Feb 2011) | 1 line
[CXF-3322] Adding LoginSecurityContext interface
........
Added:
cxf/branches/2.3.x-fixes/api/src/main/java/org/apache/cxf/security/LoginSecurityContext.java
- copied unchanged from r1069130, cxf/trunk/api/src/main/java/org/apache/cxf/security/LoginSecurityContext.java
cxf/branches/2.3.x-fixes/rt/core/src/test/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImplTest.java
- copied unchanged from r1069130, cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImplTest.java
Removed:
cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultSecurityContext.java
Modified:
cxf/branches/2.3.x-fixes/ (props changed)
cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java
cxf/branches/2.3.x-fixes/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java
Propchange: cxf/branches/2.3.x-fixes/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Feb 11 16:07:30 2011
@@ -1 +1 @@
-/cxf/trunk:1068320,1068337,1068525,1068867,1068877,1069249,1069318,1069492,1069500,1069716,1069720,1069814
+/cxf/trunk:1068320,1068337,1068525,1068867,1068877,1069130,1069249,1069318,1069492,1069500,1069716,1069720,1069814
Propchange: cxf/branches/2.3.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified: cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java?rev=1069856&r1=1069855&r2=1069856&view=diff
==============================================================================
--- cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java (original)
+++ cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java Fri Feb 11 16:07:30 2011
@@ -21,10 +21,12 @@ package org.apache.cxf.interceptor.secur
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Set;
import javax.security.auth.Subject;
-import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.security.LoginSecurityContext;
/**
* SecurityContext which implements isUserInRole using the
@@ -33,7 +35,7 @@ import org.apache.cxf.security.SecurityC
*
* TODO : consider moving this class into a rt-core-security module
*/
-public class DefaultSecurityContext implements SecurityContext {
+public class DefaultSecurityContext implements LoginSecurityContext {
private Principal p;
private Subject subject;
@@ -89,4 +91,22 @@ public class DefaultSecurityContext impl
}
return false;
}
+
+ @Override
+ public Subject getSubject() {
+ return subject;
+ }
+
+ @Override
+ public Set<Principal> getUserRoles() {
+ Set<Principal> roles = new HashSet<Principal>();
+ if (subject != null) {
+ for (Principal principal : subject.getPrincipals()) {
+ if (principal != p) {
+ roles.add(principal);
+ }
+ }
+ }
+ return roles;
+ }
}
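Review bot: In `getUserRoles()` the user principal is filtered out with the reference comparison `principal != p`, so a context built with a Principal that is equal to, but not the same instance as, the one held in the Subject will report the user's own principal as a role. Any caller that makes authorization decisions from this set would then see the user name as a role name; consider `if (principal != p && !principal.equals(p))`, or document that `p` must be the instance stored in the Subject. The method also returns every other principal rather than only `Group` entries, which may differ from what `isUserInRole` (body outside this hunk) accepts, so the intended relationship is worth confirming and stating in Javadoc. `getSubject()` hands out the live, mutable `Subject`; a comment such as `// callers must treat the returned Subject as read-only` would make that explicit.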
Modified: cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java?rev=1069856&r1=1069855&r2=1069856&view=diff
==============================================================================
--- cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java (original)
+++ cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java Fri Feb 11 16:07:30 2011
@@ -20,20 +20,23 @@
package org.apache.cxf.interceptor.security;
import java.security.Principal;
+import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
-import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.security.LoginSecurityContext;
-public class RolePrefixSecurityContextImpl implements SecurityContext {
+public class RolePrefixSecurityContextImpl implements LoginSecurityContext {
private Principal p;
- private Set<String> roles;
+ private Set<Principal> roles;
+ private Subject theSubject;
public RolePrefixSecurityContextImpl(Subject subject, String rolePrefix) {
this.p = findPrincipal(subject, rolePrefix);
this.roles = findRoles(subject, rolePrefix);
+ this.theSubject = subject;
}
public Principal getUserPrincipal() {
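Review bot: The constructor computes `roles` once from the Subject but also keeps the caller's live reference in `theSubject`, so principals added or removed afterwards are visible through `getSubject()` while `isUserInRole` and `getUserRoles` keep answering from the original snapshot. `DefaultSecurityContext.getUserRoles()` in this same commit recomputes the set on every call, so the two `LoginSecurityContext` implementations behave differently here. If the snapshot is intended, say so in a class comment and declare the fields final, e.g. `private final Set<Principal> roles;` and `private final Subject theSubject;`. `getUserPrincipal` starts on the last line of this hunk and its body is outside it.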
@@ -41,7 +44,14 @@ public class RolePrefixSecurityContextIm
}
public boolean isUserInRole(String role) {
- return roles.contains(role);
+ // there is no guarantee the Principal instances retrieved
+ // from the Subject properly implement equalTo
+ for (Principal principal : roles) {
+ if (principal.getName().equals(role)) {
+ return true;
+ }
+ }
+ return false;
}
private static Principal findPrincipal(Subject subject, String rolePrefix) {
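Review bot: The new comment in `isUserInRole` refers to `equalTo`, but the method meant is `equals`; it would read better as `// Principal implementations taken from the Subject may not override equals/hashCode, so compare by name`. The match is an exact, case-sensitive comparison against the full principal name, which per `findRoles` still carries the role prefix. A Javadoc line stating that callers must pass the prefixed role name would prevent checks that quietly return false. `findPrincipal` begins on the last line of this hunk and its body is outside it.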
@@ -53,13 +63,21 @@ public class RolePrefixSecurityContextIm
return null;
}
- private static Set<String> findRoles(Subject subject, String rolePrefix) {
- Set<String> set = new HashSet<String>();
+ private static Set<Principal> findRoles(Subject subject, String rolePrefix) {
+ Set<Principal> set = new HashSet<Principal>();
for (Principal p : subject.getPrincipals()) {
if (p.getName().startsWith(rolePrefix)) {
- set.add(p.getName());
+ set.add(p);
}
}
- return set;
+ return Collections.unmodifiableSet(set);
+ }
+
+ public Subject getSubject() {
+ return theSubject;
+ }
+
+ public Set<Principal> getUserRoles() {
+ return roles;
}
}
\ No newline at end of file
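Review bot: `findRoles` classifies a principal as a role purely by `p.getName().startsWith(rolePrefix)`, so an empty `rolePrefix` turns every principal in the Subject, including the user's own, into a role, and a null prefix throws as soon as the first principal is tested. Where user names are not controlled by the deployment, a user principal whose name happens to begin with the prefix is indistinguishable from a role in this set. Rejecting a null or empty prefix in the constructor (first hunk of this file), e.g. `if (rolePrefix == null || rolePrefix.length() == 0) { throw new IllegalArgumentException("rolePrefix"); }`, would make the contract explicit. The naming assumption should also be documented on the class.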
Modified: cxf/branches/2.3.x-fixes/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java?rev=1069856&r1=1069855&r2=1069856&view=diff
==============================================================================
--- cxf/branches/2.3.x-fixes/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java (original)
+++ cxf/branches/2.3.x-fixes/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java Fri Feb 11 16:07:30 2011
@@ -20,11 +20,14 @@ package org.apache.cxf.interceptor.secur
import java.security.Principal;
import java.security.acl.Group;
+import java.util.HashSet;
+import java.util.Set;
import javax.security.auth.Subject;
import org.apache.cxf.common.security.SimpleGroup;
import org.apache.cxf.common.security.SimplePrincipal;
+import org.apache.cxf.security.LoginSecurityContext;
import org.junit.Assert;
import org.junit.Test;
@@ -49,6 +52,32 @@ public class DefaultSecurityContextTest
}
@Test
+ public void testMultipleRoles() {
+ Subject s = new Subject();
+ Principal p = new SimplePrincipal("Barry");
+ s.getPrincipals().add(p);
+
+ Set<Principal> roles = new HashSet<Principal>();
+ roles.add(new SimpleGroup("friend", p));
+ roles.add(new SimpleGroup("admin", p));
+ s.getPrincipals().addAll(roles);
+
+ LoginSecurityContext context = new DefaultSecurityContext(p, s);
+ assertTrue(context.isUserInRole("friend"));
+ assertTrue(context.isUserInRole("admin"));
+ assertFalse(context.isUserInRole("bar"));
+
+ Set<Principal> roles2 = context.getUserRoles();
+ assertEquals(roles2, roles);
+ }
+
+ @Test
+ public void testGetSubject() {
+ Subject s = new Subject();
+ assertSame(new DefaultSecurityContext(s).getSubject(), s);
+ }
+
+ @Test
public void testUserInRole2() {
Subject s = new Subject();
Principal p = new SimplePrincipal("Barry");
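Review bot: `testMultipleRoles` and `testGetSubject` pass the actual value first (`assertEquals(roles2, roles)`, `assertSame(new DefaultSecurityContext(s).getSubject(), s)`), whereas JUnit expects `(expected, actual)`, so a failure message would name the wrong side; use `assertEquals(roles, roles2)` and `assertSame(s, new DefaultSecurityContext(s).getSubject())`. The role test only uses the same `Principal` instance that is stored in the Subject, so the identity comparison in `getUserRoles()` is never exercised with an equal but distinct instance. A case for that, and one for a Subject with no role principals, would pin the intended behaviour. `testUserInRole2` continues past the end of this hunk.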