Posted to commits@cxf.apache.org by se...@apache.org on 2010/11/07 16:08:34 UTC
svn commit: r1032296 - in /cxf/trunk:
rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java
systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java
Author: sergeyb
Date: Sun Nov 7 15:08:33 2010
New Revision: 1032296
URL: http://svn.apache.org/viewvc?rev=1032296&view=rev
Log:
[CXF-3063] : selecting Subject principal by default
Modified:
cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java
Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java?rev=1032296&r1=1032295&r2=1032296&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java (original)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java Sun Nov 7 15:08:33 2010
@@ -19,6 +19,7 @@
package org.apache.cxf.interceptor.security;
import java.security.Principal;
+import java.security.acl.Group;
import java.util.logging.Logger;
import javax.security.auth.Subject;
@@ -62,10 +63,20 @@ public abstract class AbstractSecurityCo
reportSecurityException("Failed Authentication : Invalid Subject");
}
- SecurityContext sc = createSecurityContext(context.getUserPrincipal(), subject);
+ Principal principal = getPrincipal(context.getUserPrincipal(), subject);
+ SecurityContext sc = createSecurityContext(principal, subject);
message.put(SecurityContext.class, sc);
}
+ protected Principal getPrincipal(Principal originalPrincipal, Subject subject) {
+ Principal[] ps = subject.getPrincipals().toArray(new Principal[]{});
+ if (ps != null && ps.length > 0 && !(ps[0] instanceof Group)) {
+ return ps[0];
+ } else {
+ return originalPrincipal;
+ }
+ }
+
protected SecurityContext createSecurityContext(Principal p, Subject subject) {
return new DefaultSecurityContext(p, subject);
}
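Review bot: `getPrincipal` returns `ps[0]` from `subject.getPrincipals()`, a `Set` whose contract gives no ordering guarantee, so the identity stored in the `SecurityContext` depends on the order in which the login module happened to add principals. A role principal that does not implement `Group` and sits first would be reported as the user principal, and a `Group` in first position makes the method ignore a user principal later in the set. Iterating and returning the first non-`Group` principal, with `originalPrincipal` as the fallback, reduces the dependence on position 0; the `ps != null` test can be dropped because `toArray` never returns null. A Javadoc comment stating the selection rule would help subclasses that override the method, and note that `java.security.acl.Group` was later deprecated and removed from the JDK. The method that calls `getPrincipal` starts outside the hunk.

```java
protected Principal getPrincipal(Principal originalPrincipal, Subject subject) {
    for (Principal p : subject.getPrincipals()) {
        if (!(p instanceof Group)) {
            return p;
        }
    }
    return originalPrincipal;
}
```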
Modified: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java?rev=1032296&r1=1032295&r2=1032296&view=diff
==============================================================================
--- cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java (original)
+++ cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java Sun Nov 7 15:08:33 2010
@@ -18,12 +18,15 @@
*/
package org.apache.cxf.systest.ws.wssec10.server;
+import java.security.Principal;
+
import javax.security.auth.Subject;
import org.apache.cxf.common.security.SimpleGroup;
import org.apache.cxf.common.security.SimplePrincipal;
import org.apache.cxf.common.security.UsernameToken;
import org.apache.cxf.interceptor.security.AbstractUsernameTokenInInterceptor;
+import org.apache.cxf.security.SecurityContext;
public class SimpleUsernameTokenInterceptor extends AbstractUsernameTokenInInterceptor {
@@ -32,6 +35,13 @@ public class SimpleUsernameTokenIntercep
ut.getNonce(), ut.getCreatedTime());
}
+ protected SecurityContext createSecurityContext(Principal p, Subject subject) {
+ if (p == null || p != subject.getPrincipals().toArray()[0]) {
+ throw new SecurityException();
+ }
+ return super.createSecurityContext(p, subject);
+ }
+
protected Subject createSubject(String name,
String password,
boolean isDigest,
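Review bot: The added `createSecurityContext` override indexes `subject.getPrincipals().toArray()[0]` without checking for an empty set, so a subject with no principals fails with `ArrayIndexOutOfBoundsException` instead of the intended `SecurityException`. Adding `subject.getPrincipals().isEmpty()` to the condition and giving the exception a message, for example `throw new SecurityException("Principal is not the first Subject principal");`, would make a failing system test easier to diagnose. The comparison uses reference inequality (`!=`), which holds only while the interceptor passes the same instance through; a comment saying that this is intentional would prevent a later "fix" to `equals`. An `@Override` annotation would also guard against signature drift from the base class. `createSubject` continues outside the hunk.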