You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2011/02/09 22:42:20 UTC
svn commit: r1069127 - in /cxf/trunk:
api/src/main/java/org/apache/cxf/security/
rt/core/src/main/java/org/apache/cxf/interceptor/security/
rt/core/src/test/java/org/apache/cxf/interceptor/security/
rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/...
Author: sergeyb
Date: Wed Feb 9 21:42:20 2011
New Revision: 1069127
URL: http://svn.apache.org/viewvc?rev=1069127&view=rev
Log:
Reverting r1069123
Added:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultSecurityContext.java
- copied unchanged from r1069122, cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultSecurityContext.java
Removed:
cxf/trunk/api/src/main/java/org/apache/cxf/security/LoginSecurityContext.java
cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImplTest.java
Modified:
cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java
cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java
Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java?rev=1069127&r1=1069126&r2=1069127&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java (original)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java Wed Feb 9 21:42:20 2011
@@ -21,12 +21,10 @@ package org.apache.cxf.interceptor.secur
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Set;
import javax.security.auth.Subject;
-import org.apache.cxf.security.LoginSecurityContext;
+import org.apache.cxf.security.SecurityContext;
/**
* SecurityContext which implements isUserInRole using the
@@ -35,7 +33,7 @@ import org.apache.cxf.security.LoginSecu
*
* TODO : consider moving this class into a rt-core-security module
*/
-public class DefaultSecurityContext implements LoginSecurityContext {
+public class DefaultSecurityContext implements SecurityContext {
private Principal p;
private Subject subject;
@@ -91,22 +89,4 @@ public class DefaultSecurityContext impl
}
return false;
}
-
- @Override
- public Subject getSubject() {
- return subject;
- }
-
- @Override
- public Set<Principal> getUserRoles() {
- Set<Principal> roles = new HashSet<Principal>();
- if (subject != null) {
- for (Principal principal : subject.getPrincipals()) {
- if (principal != p) {
- roles.add(principal);
- }
- }
- }
- return roles;
- }
}
Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java?rev=1069127&r1=1069126&r2=1069127&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java (original)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java Wed Feb 9 21:42:20 2011
@@ -20,23 +20,20 @@
package org.apache.cxf.interceptor.security;
import java.security.Principal;
-import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
-import org.apache.cxf.security.LoginSecurityContext;
+import org.apache.cxf.security.SecurityContext;
-public class RolePrefixSecurityContextImpl implements LoginSecurityContext {
+public class RolePrefixSecurityContextImpl implements SecurityContext {
private Principal p;
- private Set<Principal> roles;
- private Subject theSubject;
+ private Set<String> roles;
public RolePrefixSecurityContextImpl(Subject subject, String rolePrefix) {
this.p = findPrincipal(subject, rolePrefix);
this.roles = findRoles(subject, rolePrefix);
- this.theSubject = subject;
}
public Principal getUserPrincipal() {
@@ -44,14 +41,7 @@ public class RolePrefixSecurityContextIm
}
public boolean isUserInRole(String role) {
- // there is no guarantee the Principal instances retrieved
- // from the Subject properly implement equalTo
- for (Principal principal : roles) {
- if (principal.getName().equals(role)) {
- return true;
- }
- }
- return false;
+ return roles.contains(role);
}
private static Principal findPrincipal(Subject subject, String rolePrefix) {
@@ -63,21 +53,13 @@ public class RolePrefixSecurityContextIm
return null;
}
- private static Set<Principal> findRoles(Subject subject, String rolePrefix) {
- Set<Principal> set = new HashSet<Principal>();
+ private static Set<String> findRoles(Subject subject, String rolePrefix) {
+ Set<String> set = new HashSet<String>();
for (Principal p : subject.getPrincipals()) {
if (p.getName().startsWith(rolePrefix)) {
- set.add(p);
+ set.add(p.getName());
}
}
- return Collections.unmodifiableSet(set);
- }
-
- public Subject getSubject() {
- return theSubject;
- }
-
- public Set<Principal> getUserRoles() {
- return roles;
+ return set;
}
}
\ No newline at end of file
Modified: cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java?rev=1069127&r1=1069126&r2=1069127&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java (original)
+++ cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java Wed Feb 9 21:42:20 2011
@@ -20,14 +20,11 @@ package org.apache.cxf.interceptor.secur
import java.security.Principal;
import java.security.acl.Group;
-import java.util.HashSet;
-import java.util.Set;
import javax.security.auth.Subject;
import org.apache.cxf.common.security.SimpleGroup;
import org.apache.cxf.common.security.SimplePrincipal;
-import org.apache.cxf.security.LoginSecurityContext;
import org.junit.Assert;
import org.junit.Test;
@@ -52,32 +49,6 @@ public class DefaultSecurityContextTest
}
@Test
- public void testMultipleRoles() {
- Subject s = new Subject();
- Principal p = new SimplePrincipal("Barry");
- s.getPrincipals().add(p);
-
- Set<Principal> roles = new HashSet<Principal>();
- roles.add(new SimpleGroup("friend", p));
- roles.add(new SimpleGroup("admin", p));
- s.getPrincipals().addAll(roles);
-
- LoginSecurityContext context = new DefaultSecurityContext(p, s);
- assertTrue(context.isUserInRole("friend"));
- assertTrue(context.isUserInRole("admin"));
- assertFalse(context.isUserInRole("bar"));
-
- Set<Principal> roles2 = context.getUserRoles();
- assertEquals(roles2, roles);
- }
-
- @Test
- public void testGetSubject() {
- Subject s = new Subject();
- assertSame(new DefaultSecurityContext(s).getSubject(), s);
- }
-
- @Test
public void testUserInRole2() {
Subject s = new Subject();
Principal p = new SimplePrincipal("Barry");
Modified: cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java?rev=1069127&r1=1069126&r2=1069127&view=diff
==============================================================================
--- cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java (original)
+++ cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java Wed Feb 9 21:42:20 2011
@@ -38,26 +38,19 @@ import javax.xml.stream.XMLStreamReader;
import javax.xml.stream.XMLStreamWriter;
import javax.xml.transform.Source;
import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.sax.SAXSource;
import javax.xml.transform.stream.StreamSource;
import org.w3c.dom.Document;
import org.apache.cxf.jaxrs.ext.xml.XMLSource;
-import org.apache.cxf.jaxrs.utils.HttpUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.phase.PhaseInterceptorChain;
-import org.apache.cxf.staxutils.StaxSource;
import org.apache.cxf.staxutils.StaxUtils;
@Provider
@Produces({"application/xml", "application/*+xml", "text/xml" })
@Consumes({"application/xml", "application/*+xml", "text/xml", "text/html" })
-public class SourceProvider extends AbstractConfigurableProvider implements
+public class SourceProvider implements
MessageBodyReader<Object>, MessageBodyWriter<Source> {
- private static final String PREFERRED_FORMAT = "source-preferred-format";
-
public boolean isWriteable(Class<?> type, Type genericType, Annotation[] annotations, MediaType mt) {
return Source.class.isAssignableFrom(type);
}
@@ -71,18 +64,9 @@ public class SourceProvider extends Abst
public Object readFrom(Class<Object> source, Type genericType, Annotation[] annotations, MediaType m,
MultivaluedMap<String, String> headers, InputStream is)
throws IOException {
-
- Class<?> theSource = source;
- if (theSource == Source.class) {
- String s = getPreferredSource();
- if ("sax".equalsIgnoreCase(s) || "cxf.stax".equalsIgnoreCase(s)) {
- theSource = SAXSource.class;
- }
- }
-
- if (DOMSource.class.isAssignableFrom(theSource) || Document.class.isAssignableFrom(theSource)) {
+ if (DOMSource.class.isAssignableFrom(source) || Document.class.isAssignableFrom(source)) {
- boolean docRequired = Document.class.isAssignableFrom(theSource);
+ boolean docRequired = Document.class.isAssignableFrom(source);
XMLStreamReader reader = StaxUtils.createXMLStreamReader(is);
try {
Document doc = StaxUtils.read(reader);
@@ -98,34 +82,21 @@ public class SourceProvider extends Abst
//ignore
}
}
- } else if (SAXSource.class.isAssignableFrom(theSource)
- || StaxSource.class.isAssignableFrom(theSource)) {
- return new StaxSource(StaxUtils.createXMLStreamReader(is));
- }
- else if (StreamSource.class.isAssignableFrom(theSource)
- || Source.class.isAssignableFrom(theSource)) {
+ } else if (StreamSource.class.isAssignableFrom(source)
+ || Source.class.isAssignableFrom(source)) {
return new StreamSource(is);
- } else if (XMLSource.class.isAssignableFrom(theSource)) {
+ } else if (XMLSource.class.isAssignableFrom(source)) {
return new XMLSource(is);
}
throw new IOException("Unrecognized source");
}
- protected String getPreferredSource() {
- Message m = PhaseInterceptorChain.getCurrentMessage();
- if (m != null) {
- return (String)m.getContextualProperty(PREFERRED_FORMAT);
- } else {
- return "sax";
- }
- }
-
public void writeTo(Source source, Class<?> clazz, Type genericType, Annotation[] annotations,
- MediaType mt, MultivaluedMap<String, Object> headers, OutputStream os)
+ MediaType m, MultivaluedMap<String, Object> headers, OutputStream os)
throws IOException {
- String encoding = HttpUtils.getSetEncoding(mt, headers, "UTF-8");
+ String encoding = "utf-8"; //FIXME
XMLStreamReader reader = StaxUtils.createXMLStreamReader(source);
XMLStreamWriter writer = StaxUtils.createXMLStreamWriter(os, encoding);