You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2010/11/07 16:11:11 UTC

svn commit: r1032297 - in /cxf/branches/2.3.x-fixes: ./ rt/core/src/main/java/org/apache/cxf/interceptor/security/ systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/

Author: sergeyb
Date: Sun Nov  7 15:11:11 2010
New Revision: 1032297

URL: http://svn.apache.org/viewvc?rev=1032297&view=rev
Log:
Merged revisions 1032296 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1032296 | sergeyb | 2010-11-07 15:08:33 +0000 (Sun, 07 Nov 2010) | 1 line
  
  [CXF-3063] : selecting Subject principal by default
........

Modified:
    cxf/branches/2.3.x-fixes/   (props changed)
    cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java
    cxf/branches/2.3.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java

Propchange: cxf/branches/2.3.x-fixes/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sun Nov  7 15:11:11 2010
@@ -1 +1 @@
-/cxf/trunk:1022599-1022884,1027274,1027462,1027509,1027553,1027599,1030053,1030189
+/cxf/trunk:1022599-1022884,1027274,1027462,1027509,1027553,1027599,1030053,1030189,1032296

Propchange: cxf/branches/2.3.x-fixes/
------------------------------------------------------------------------------
--- svnmerge-integrated (original)
+++ svnmerge-integrated Sun Nov  7 15:11:11 2010
@@ -1 +1 @@
-/cxf/trunk:1-1022129,1022154,1022194,1022401-1022402,1022599-1022884,1022911,1023068,1023121,1023597-1026352,1026549,1026551,1027244,1027269,1027274,1027462,1027509,1027553,1027599,1028170,1029943,1030053,1030189
+/cxf/trunk:1-1022129,1022154,1022194,1022401-1022402,1022599-1022884,1022911,1023068,1023121,1023597-1026352,1026549,1026551,1027244,1027269,1027274,1027462,1027509,1027553,1027599,1028170,1029943,1030053,1030189,1032296

Modified: cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java?rev=1032297&r1=1032296&r2=1032297&view=diff
==============================================================================
--- cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java (original)
+++ cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java Sun Nov  7 15:11:11 2010
@@ -19,6 +19,7 @@
 package org.apache.cxf.interceptor.security;
 
 import java.security.Principal;
+import java.security.acl.Group;
 import java.util.logging.Logger;
 
 import javax.security.auth.Subject;
@@ -62,10 +63,20 @@ public abstract class AbstractSecurityCo
             reportSecurityException("Failed Authentication : Invalid Subject");
         }
         
-        SecurityContext sc = createSecurityContext(context.getUserPrincipal(), subject);
+        Principal principal = getPrincipal(context.getUserPrincipal(), subject);        
+        SecurityContext sc = createSecurityContext(principal, subject);
         message.put(SecurityContext.class, sc);
     }
     
+    protected Principal getPrincipal(Principal originalPrincipal, Subject subject) {
+        Principal[] ps = subject.getPrincipals().toArray(new Principal[]{});
+        if (ps != null && ps.length > 0 && !(ps[0] instanceof Group)) {
+            return ps[0];
+        } else {
+            return originalPrincipal;
+        }
+    }
+    
     protected SecurityContext createSecurityContext(Principal p, Subject subject) {
         return new DefaultSecurityContext(p, subject);
     }

Modified: cxf/branches/2.3.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java?rev=1032297&r1=1032296&r2=1032297&view=diff
==============================================================================
--- cxf/branches/2.3.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java (original)
+++ cxf/branches/2.3.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java Sun Nov  7 15:11:11 2010
@@ -18,12 +18,15 @@
  */
 package org.apache.cxf.systest.ws.wssec10.server;
 
+import java.security.Principal;
+
 import javax.security.auth.Subject;
 
 import org.apache.cxf.common.security.SimpleGroup;
 import org.apache.cxf.common.security.SimplePrincipal;
 import org.apache.cxf.common.security.UsernameToken;
 import org.apache.cxf.interceptor.security.AbstractUsernameTokenInInterceptor;
+import org.apache.cxf.security.SecurityContext;
 
 public class SimpleUsernameTokenInterceptor extends AbstractUsernameTokenInInterceptor {
     
@@ -32,6 +35,13 @@ public class SimpleUsernameTokenIntercep
                              ut.getNonce(), ut.getCreatedTime());
     }
     
+    protected SecurityContext createSecurityContext(Principal p, Subject subject) {
+        if (p == null || p != subject.getPrincipals().toArray()[0]) {
+            throw new SecurityException();
+        }
+        return super.createSecurityContext(p, subject);
+    }
+    
     protected Subject createSubject(String name, 
                                     String password, 
                                     boolean isDigest,