Posted to commits@cxf.apache.org by se...@apache.org on 2011/02/09 22:56:05 UTC
svn commit: r1069130 - in /cxf/trunk:
api/src/main/java/org/apache/cxf/security/
rt/core/src/main/java/org/apache/cxf/interceptor/security/
rt/core/src/test/java/org/apache/cxf/interceptor/security/
rt/ws/security/src/main/java/org/apache/cxf/ws/securi...
Author: sergeyb
Date: Wed Feb 9 21:56:04 2011
New Revision: 1069130
URL: http://svn.apache.org/viewvc?rev=1069130&view=rev
Log:
[CXF-3322] Adding LoginSecurityContext interface
Added:
cxf/trunk/api/src/main/java/org/apache/cxf/security/LoginSecurityContext.java (with props)
cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImplTest.java (with props)
Removed:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultSecurityContext.java
Modified:
cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java
cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java
Added: cxf/trunk/api/src/main/java/org/apache/cxf/security/LoginSecurityContext.java
URL: http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/security/LoginSecurityContext.java?rev=1069130&view=auto
==============================================================================
--- cxf/trunk/api/src/main/java/org/apache/cxf/security/LoginSecurityContext.java (added)
+++ cxf/trunk/api/src/main/java/org/apache/cxf/security/LoginSecurityContext.java Wed Feb 9 21:56:04 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.security;
+
+import java.security.Principal;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+/**
+ * LoginSecurityContext provides additional information about the
+ * authenticated principal.
+ *
+ * {@link SecurityContext} implementations which can get the authenticated
+ * Subject and/or the list of the user roles may implement this interface.
+ */
+public interface LoginSecurityContext extends SecurityContext {
+
+ /**
+ * Returns the Subject representing the current authenticated user.
+ * @return the subject
+ */
+ Subject getSubject();
+ /**
+ * Returns a set of Principals representing the roles
+ * assigned to the current authenticated user Principal
+ * @return the roles
+ */
+ Set<Principal> getUserRoles();
+}
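Review bot: The Javadoc on `getSubject()` and `getUserRoles()` leaves nullability and mutability unspecified, and the two implementations in this commit already differ: `DefaultSecurityContext.getUserRoles()` returns a fresh mutable `HashSet`, while `RolePrefixSecurityContextImpl` returns an unmodifiable set. Callers that base authorization decisions on this set need to know whether it is a snapshot and whether it can ever contain the user principal itself. Once the intended contract is confirmed, I would extend the tags to something like `@return an unmodifiable, possibly empty set of role principals; never null` and `@return the subject, or null if the context was created without one`.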
Propchange: cxf/trunk/api/src/main/java/org/apache/cxf/security/LoginSecurityContext.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/api/src/main/java/org/apache/cxf/security/LoginSecurityContext.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java?rev=1069130&r1=1069129&r2=1069130&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java (original)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java Wed Feb 9 21:56:04 2011
@@ -21,10 +21,12 @@ package org.apache.cxf.interceptor.secur
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Set;
import javax.security.auth.Subject;
-import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.security.LoginSecurityContext;
/**
* SecurityContext which implements isUserInRole using the
@@ -33,7 +35,7 @@ import org.apache.cxf.security.SecurityC
*
* TODO : consider moving this class into a rt-core-security module
*/
-public class DefaultSecurityContext implements SecurityContext {
+public class DefaultSecurityContext implements LoginSecurityContext {
private Principal p;
private Subject subject;
@@ -89,4 +91,22 @@ public class DefaultSecurityContext impl
}
return false;
}
+
+ @Override
+ public Subject getSubject() {
+ return subject;
+ }
+
+ @Override
+ public Set<Principal> getUserRoles() {
+ Set<Principal> roles = new HashSet<Principal>();
+ if (subject != null) {
+ for (Principal principal : subject.getPrincipals()) {
+ if (principal != p) {
+ roles.add(principal);
+ }
+ }
+ }
+ return roles;
+ }
}
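Review bot: `getUserRoles()` excludes the user principal with a reference comparison, `principal != p`, so a context constructed with a `Principal` that is equal to, but not the same instance as, the one stored in the Subject returns the user's own principal as a role. It also reports every other principal as a role whether or not it is a `Group`; if `isUserInRole` (its body is outside this hunk) only honours `Group` principals, the two methods will disagree about the user's roles. Consider filtering with `if (principal instanceof Group)` or comparing names as well as references, and returning `Collections.unmodifiableSet(roles)` (needs the `java.util.Collections` import) to match `RolePrefixSecurityContextImpl`. `getSubject()` hands out the live `Subject`, including its credential sets, which is worth stating in its Javadoc.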
Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java?rev=1069130&r1=1069129&r2=1069130&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java (original)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java Wed Feb 9 21:56:04 2011
@@ -20,20 +20,23 @@
package org.apache.cxf.interceptor.security;
import java.security.Principal;
+import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
-import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.security.LoginSecurityContext;
-public class RolePrefixSecurityContextImpl implements SecurityContext {
+public class RolePrefixSecurityContextImpl implements LoginSecurityContext {
private Principal p;
- private Set<String> roles;
+ private Set<Principal> roles;
+ private Subject theSubject;
public RolePrefixSecurityContextImpl(Subject subject, String rolePrefix) {
this.p = findPrincipal(subject, rolePrefix);
this.roles = findRoles(subject, rolePrefix);
+ this.theSubject = subject;
}
public Principal getUserPrincipal() {
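Review bot: `roles` is computed once in the constructor while `theSubject` keeps a reference to the live, mutable `Subject`, so principals added to or removed from the Subject later are visible through `getSubject()` but not through `isUserInRole`/`getUserRoles()`. Declaring the fields `final` (`private final Set<Principal> roles;`, likewise `p` and `theSubject`) and adding a class comment that roles are a construction-time snapshot would make that explicit. The constructor also dereferences `subject` without a null check via `findRoles`, whereas `DefaultSecurityContext.getUserRoles()` tolerates a null subject; the class comment should say which is intended. The class body continues outside this hunk.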
@@ -41,7 +44,14 @@ public class RolePrefixSecurityContextIm
}
public boolean isUserInRole(String role) {
- return roles.contains(role);
+ // there is no guarantee the Principal instances retrieved
+ // from the Subject properly implement equalTo
+ for (Principal principal : roles) {
+ if (principal.getName().equals(role)) {
+ return true;
+ }
+ }
+ return false;
}
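Review bot: The comment in `isUserInRole` refers to `equalTo`, which is not a `Principal` method; it presumably means `equals`/`hashCode` and could read `// Principal implementations from the Subject may not override equals/hashCode, so match on the name`. The same caveat applies to `findRoles`, which still puts these principals into a `HashSet` and so relies on the very methods this comment distrusts for de-duplication. The match is against the full principal name, so callers must pass the prefixed role (`role_friend` in the new tests); that deserves a line of Javadoc on the method.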
private static Principal findPrincipal(Subject subject, String rolePrefix) {
@@ -53,13 +63,21 @@ public class RolePrefixSecurityContextIm
return null;
}
- private static Set<String> findRoles(Subject subject, String rolePrefix) {
- Set<String> set = new HashSet<String>();
+ private static Set<Principal> findRoles(Subject subject, String rolePrefix) {
+ Set<Principal> set = new HashSet<Principal>();
for (Principal p : subject.getPrincipals()) {
if (p.getName().startsWith(rolePrefix)) {
- set.add(p.getName());
+ set.add(p);
}
}
- return set;
+ return Collections.unmodifiableSet(set);
+ }
+
+ public Subject getSubject() {
+ return theSubject;
+ }
+
+ public Set<Principal> getUserRoles() {
+ return roles;
}
}
\ No newline at end of file
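Review bot: `findRoles` selects roles with `p.getName().startsWith(rolePrefix)`, so an empty prefix matches every principal and the user's own name becomes a role reported by `getUserRoles()` and `isUserInRole`; a null prefix throws `NullPointerException`. The new tests construct the context with `""`, so this is a reachable configuration. I would either validate in the constructor (outside this hunk), e.g. `if (rolePrefix == null || rolePrefix.isEmpty()) { throw new IllegalArgumentException("rolePrefix must be non-empty"); }`, or, if an empty prefix is intended to mean "all principals are roles", say so in the class Javadoc. The new public `getSubject()` and `getUserRoles()` also lack the `@Override` used for the same methods in `DefaultSecurityContext`.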
Modified: cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java?rev=1069130&r1=1069129&r2=1069130&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java (original)
+++ cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java Wed Feb 9 21:56:04 2011
@@ -20,11 +20,14 @@ package org.apache.cxf.interceptor.secur
import java.security.Principal;
import java.security.acl.Group;
+import java.util.HashSet;
+import java.util.Set;
import javax.security.auth.Subject;
import org.apache.cxf.common.security.SimpleGroup;
import org.apache.cxf.common.security.SimplePrincipal;
+import org.apache.cxf.security.LoginSecurityContext;
import org.junit.Assert;
import org.junit.Test;
@@ -49,6 +52,32 @@ public class DefaultSecurityContextTest
}
@Test
+ public void testMultipleRoles() {
+ Subject s = new Subject();
+ Principal p = new SimplePrincipal("Barry");
+ s.getPrincipals().add(p);
+
+ Set<Principal> roles = new HashSet<Principal>();
+ roles.add(new SimpleGroup("friend", p));
+ roles.add(new SimpleGroup("admin", p));
+ s.getPrincipals().addAll(roles);
+
+ LoginSecurityContext context = new DefaultSecurityContext(p, s);
+ assertTrue(context.isUserInRole("friend"));
+ assertTrue(context.isUserInRole("admin"));
+ assertFalse(context.isUserInRole("bar"));
+
+ Set<Principal> roles2 = context.getUserRoles();
+ assertEquals(roles2, roles);
+ }
+
+ @Test
+ public void testGetSubject() {
+ Subject s = new Subject();
+ assertSame(new DefaultSecurityContext(s).getSubject(), s);
+ }
+
+ @Test
public void testUserInRole2() {
Subject s = new Subject();
Principal p = new SimplePrincipal("Barry");
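Review bot: `assertEquals(roles2, roles)` and `assertSame(new DefaultSecurityContext(s).getSubject(), s)` pass the actual value first; JUnit expects the expected value first, so a failure message would be misleading. Swap them to `assertEquals(roles, roles2)` and `assertSame(s, new DefaultSecurityContext(s).getSubject())`; the same order is used in `RolePrefixSecurityContextImplTest`. `testMultipleRoles` only covers the case where the `Principal` passed to the constructor is the same instance as the one in the Subject; a case with an equal but distinct `SimplePrincipal("Barry")`, and one with an extra non-`Group` principal, would pin down what `getUserRoles()` is meant to return. The last three lines of the hunk belong to `testUserInRole2`, which continues outside it.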
Added: cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImplTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImplTest.java?rev=1069130&view=auto
==============================================================================
--- cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImplTest.java (added)
+++ cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImplTest.java Wed Feb 9 21:56:04 2011
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.interceptor.security;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.apache.cxf.common.security.SimplePrincipal;
+import org.apache.cxf.security.LoginSecurityContext;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class RolePrefixSecurityContextImplTest extends Assert {
+
+ @Test
+ public void testUserNotInRole() {
+ Subject s = new Subject();
+ Principal p = new SimplePrincipal("Barry");
+ s.getPrincipals().add(p);
+ assertFalse(new RolePrefixSecurityContextImpl(s, "").isUserInRole("friend"));
+ }
+
+ @Test
+ public void testUserInRole() {
+ Subject s = new Subject();
+ Principal p = new SimplePrincipal("Barry");
+ s.getPrincipals().add(p);
+ s.getPrincipals().add(new SimplePrincipal("role_friend"));
+ assertTrue(new RolePrefixSecurityContextImpl(s, "role_")
+ .isUserInRole("role_friend"));
+ }
+
+ @Test
+ public void testMultipleRoles() {
+ Subject s = new Subject();
+ Principal p = new SimplePrincipal("Barry");
+ s.getPrincipals().add(p);
+
+ Set<Principal> roles = new HashSet<Principal>();
+ roles.add(new SimplePrincipal("role_friend"));
+ roles.add(new SimplePrincipal("role_admin"));
+ s.getPrincipals().addAll(roles);
+
+ LoginSecurityContext context = new RolePrefixSecurityContextImpl(s, "role_");
+ assertTrue(context.isUserInRole("role_friend"));
+ assertTrue(context.isUserInRole("role_admin"));
+ assertFalse(context.isUserInRole("role_bar"));
+
+ Set<Principal> roles2 = context.getUserRoles();
+ assertEquals(roles2, roles);
+ }
+
+ @Test
+ public void testGetSubject() {
+ Subject s = new Subject();
+ assertSame(new RolePrefixSecurityContextImpl(s, "").getSubject(), s);
+ }
+
+}
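Review bot: No test asserts that the user principal is kept out of the roles when the prefix is empty: `testUserNotInRole` builds the context with `""` and checks only `isUserInRole("friend")`, which passes because no principal has that name rather than because role filtering works. Adding an assertion on `isUserInRole("Barry")` for that context, with whichever outcome is intended, would document the contract for an empty prefix. A check that `getUserRoles().add(...)` throws `UnsupportedOperationException` would also protect the `Collections.unmodifiableSet` wrapper from regressions.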
Propchange: cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImplTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImplTest.java
------------------------------------------------------------------------------
svn:keywords = Rev Date