Posted to commits@servicemix.apache.org by ff...@apache.org on 2009/06/18 11:18:05 UTC
svn commit: r785976 - in
/servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src:
main/java/org/apache/servicemix/cxfbc/
main/java/org/apache/servicemix/cxfbc/interceptors/
test/resources/org/apache/servicemix/cxfbc...
Author: ffang
Date: Thu Jun 18 09:18:04 2009
New Revision: 785976
URL: http://svn.apache.org/viewvc?rev=785976&view=rev
Log:
[SMXCOMP-572]JbiJAASInterceptor should also support WS-Security X.509 Certificate Token Profile
Modified:
servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcConsumer.java
servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/interceptors/JbiJAASInterceptor.java
servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean.xml
Modified: servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcConsumer.java
URL: http://svn.apache.org/viewvc/servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcConsumer.java?rev=785976&r1=785975&r2=785976&view=diff
==============================================================================
--- servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcConsumer.java (original)
+++ servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcConsumer.java Thu Jun 18 09:18:04 2009
@@ -169,6 +169,8 @@
private ClassLoader suClassLoader;
+ private boolean x509;
+
/**
* @return the wsdl
*/
@@ -446,7 +448,7 @@
cxfService.getInInterceptors().add(
new JbiJAASInterceptor(((CxfBcComponent) this
.getServiceUnit().getComponent())
- .getConfiguration().getAuthenticationService()));
+ .getConfiguration().getAuthenticationService(), isX509()));
cxfService.getInInterceptors().add(new JbiInvokerInterceptor());
cxfService.getInInterceptors().add(new JbiPostInvokerInterceptor());
@@ -1097,4 +1099,20 @@
return features;
}
+ /**
+ * Specifies if the endpoint use X.509 Certificate to do the authentication.
+ *
+ * @param x509
+ * a boolean
+ * @org.apache.xbean.Property description="Specifies if the endpoint use X.509 Certificate to do the authentication.
+ * Default is <code>false</code>.
+ */
+ public void setX509(boolean x509) {
+ this.x509 = x509;
+ }
+
+ public boolean isX509() {
+ return x509;
+ }
+
}
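Review bot: The `@org.apache.xbean.Property description="` value opened in the `setX509` Javadoc is never closed, so the generated property documentation may come out truncated or malformed; the last line should end with `Default is <code>false</code>."`. The sentence should read "uses an X.509 certificate", and because this flag changes how callers are authenticated, the Javadoc should state that certificate authentication is attempted only when no UsernameToken was authenticated, which is what the interceptor change in this commit implements. `isX509()` has no Javadoc at all; `/** @return whether X.509 certificate authentication is enabled for this endpoint */` would match the setter.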
Modified: servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/interceptors/JbiJAASInterceptor.java
URL: http://svn.apache.org/viewvc/servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/interceptors/JbiJAASInterceptor.java?rev=785976&r1=785975&r2=785976&view=diff
==============================================================================
--- servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/interceptors/JbiJAASInterceptor.java (original)
+++ servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/interceptors/JbiJAASInterceptor.java Thu Jun 18 09:18:04 2009
@@ -17,6 +17,7 @@
package org.apache.servicemix.cxfbc.interceptors;
import java.security.GeneralSecurityException;
+import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
@@ -39,13 +40,15 @@
private String domain = "servicemix-domain";
private AuthenticationService authenticationService;
private ThreadLocal<Subject> currentSubject = new ThreadLocal<Subject>();
+ private boolean x509;
- public JbiJAASInterceptor(AuthenticationService authenticationService) {
+ public JbiJAASInterceptor(AuthenticationService authenticationService, boolean x509) {
super();
setPhase(Phase.PRE_PROTOCOL);
getAfter().add(WSS4JInInterceptor.class.getName());
this.authenticationService = authenticationService;
+ this.x509 = x509;
}
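Review bot: Replacing the one-argument constructor changes the public signature of `JbiJAASInterceptor`, so any code or bean definition outside this commit that constructs it with only an `AuthenticationService` would stop compiling or loading; only the `CxfBcConsumer` call site is updated here. Keeping an overload such as `public JbiJAASInterceptor(AuthenticationService authenticationService) { this(authenticationService, false); }` preserves the old behaviour with certificate authentication switched off. As far as this hunk shows, `x509` is assigned only in the constructor and could be declared `final`.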
@@ -63,11 +66,17 @@
if (results == null) {
return;
}
+
for (Iterator iter = results.iterator(); iter.hasNext();) {
WSHandlerResult hr = (WSHandlerResult) iter.next();
if (hr == null || hr.getResults() == null) {
return;
}
+ boolean authenticated = false;
+ //favor WSSE UsernameToken based authentication over X.509 certificate
+ //based authentication. For that purpose we iterate twice over the
+ //WSHandler result list
+
for (Iterator it = hr.getResults().iterator(); it.hasNext();) {
WSSecurityEngineResult er = (WSSecurityEngineResult) it.next();
@@ -75,8 +84,21 @@
WSUsernameTokenPrincipal p = (WSUsernameTokenPrincipal)er.getPrincipal();
subject.getPrincipals().add(p);
this.authenticationService.authenticate(subject, domain, p.getName(), p.getPassword());
+ authenticated = true;
}
}
+ //Second iteration checking for X.509 certificate to run authentication on
+ //but only if not already authenticated on WSSE UsernameToken
+ if (!authenticated && x509) {
+ for (Iterator it = hr.getResults().iterator(); it.hasNext();) {
+ WSSecurityEngineResult er = (WSSecurityEngineResult) it.next();
+ if (er != null && er.getCertificate() instanceof X509Certificate) {
+ X509Certificate cert = er.getCertificate();
+ this.authenticationService.authenticate(subject, domain, cert.getIssuerX500Principal().getName(), cert);
+ }
+ }
+ }
+
}
message.put(Subject.class, subject);
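Review bot: In the second loop the name passed to `authenticate` is `cert.getIssuerX500Principal().getName()`, which is the DN of the issuing CA rather than of the certificate holder, so every certificate from the same CA is presented under one name; unless the authentication service deliberately ignores the name, this should be `cert.getSubjectX500Principal().getName()`. The loop also accepts any result that carries a certificate without looking at `er.getAction()`, so it is worth confirming that only results from a verified signature reach this call, and breaking out after the first successful authentication so a message with several certificate-bearing results is not authenticated repeatedly. Unlike the UsernameToken branch, nothing is added to `subject.getPrincipals()` here; presumably the login module populates the subject, but a comment saying so would help the next reader. The enclosing method starts and ends outside this hunk.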
Modified: servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean.xml
URL: http://svn.apache.org/viewvc/servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean.xml?rev=785976&r1=785975&r2=785976&view=diff
==============================================================================
--- servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean.xml (original)
+++ servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean.xml Thu Jun 18 09:18:04 2009
@@ -46,6 +46,7 @@
targetEndpoint="TimestampSignEncrypt"
targetService="greeter:SOAPServiceWSSecurity"
targetInterface="greeter:Greeter"
+ x509="false"
>
<cxfbc:inInterceptors>
<bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
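Review bot: The only test change sets `x509="false"`, which is already the default, so the new certificate branch in `JbiJAASInterceptor` is never executed by this suite. An endpoint configured with `x509="true"` and exercised with a signed request, plus a case where the presented certificate is not accepted, would cover the path this commit adds. The endpoint element starts and ends outside this hunk.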