Posted to commits@cxf.apache.org by cs...@apache.org on 2014/07/11 18:00:59 UTC

git commit: CXF-5868 Quick Fix for JAASAuthentication filter to run without doAs

Repository: cxf
Updated Branches:
  refs/heads/master e5e77b73c -> 9be6ef67c


CXF-5868 Quick Fix for JAASAuthentication filter to run without doAs


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9be6ef67
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9be6ef67
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9be6ef67

Branch: refs/heads/master
Commit: 9be6ef67c1099992a44e91cf1af48b43123d6cbc
Parents: e5e77b7
Author: Christian Schneider <ch...@die-schneider.net>
Authored: Fri Jul 11 18:00:21 2014 +0200
Committer: Christian Schneider <ch...@die-schneider.net>
Committed: Fri Jul 11 18:00:21 2014 +0200

----------------------------------------------------------------------
 .../security/JAASLoginInterceptor.java          | 25 ++++++++++++++------
 .../security/JAASAuthenticationFilter.java      | 15 ++++++++----
 2 files changed, 28 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/9be6ef67/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java b/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
index 4600812..24c7bf2 100644
--- a/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
+++ b/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
@@ -33,6 +33,7 @@ import org.apache.cxf.common.security.TokenType;
 import org.apache.cxf.common.security.UsernameToken;
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
 import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.interceptor.InterceptorChain;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
@@ -49,6 +50,7 @@ public class JAASLoginInterceptor extends AbstractPhaseInterceptor<Message> {
     private String roleClassifier;
     private String roleClassifierType = ROLE_CLASSIFIER_PREFIX;
     private boolean reportFault;
+    private boolean useDoAs = true;
     
     
     public JAASLoginInterceptor() {
@@ -96,6 +98,10 @@ public class JAASLoginInterceptor extends AbstractPhaseInterceptor<Message> {
         this.reportFault = reportFault;
     }
     
+    public void setUseDoAs(boolean useDoAs) {
+        this.useDoAs = useDoAs;
+    }
+
     public void handleMessage(final Message message) throws Fault {
 
         String name = null;
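Review bot: `setUseDoAs` is a public switch on how the authenticated subject is propagated, yet it is added without Javadoc. I would add something like `/** When true (the default) the remaining chain is run inside Subject.doAs; when false this interceptor does not call Subject.doAs and the chain is not re-entered from here. */` on the setter. A one-line comment on the `useDoAs` field from the previous hunk would also help, since a deployer flipping the flag needs to know it changes whether later code runs under the JAAS subject. handleMessage starts on the last lines of this hunk and continues outside it.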
@@ -130,14 +136,19 @@ public class JAASLoginInterceptor extends AbstractPhaseInterceptor<Message> {
             
             // Run the further chain in the context of this subject.
             // This allows other code to retrieve the subject using pure JAAS
-            Subject.doAs(subject, new PrivilegedAction<Void>() {
+            if (useDoAs) {
+                Subject.doAs(subject, new PrivilegedAction<Void>() {
 
-                @Override
-                public Void run() {
-                    message.getInterceptorChain().doIntercept(message);
-                    return null;
-                }
-            });
+                    @Override
+                    public Void run() {
+                        InterceptorChain chain = message.getInterceptorChain();
+                        if (chain != null) {
+                            chain.doIntercept(message);
+                        }
+                        return null;
+                    }
+                });
+            }
 
         } catch (LoginException ex) {
             String errorMessage = "Authentication failed for user " + name + " : " + ex.getMessage();
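Review bot: The two context comments above `if (useDoAs)` still say the further chain runs in the context of the subject, which no longer holds when the flag is false. In that mode any later authorization code that looks the subject up through pure JAAS will presumably not find it, so the comment should say so, e.g. `// Only when useDoAs is set: run the further chain in the context of this subject.` The new `if (chain != null)` guard also returns silently after a successful login when the message has no interceptor chain. A debug-level log line there would make that path visible when diagnosing why nothing ran. The try block begins before this hunk, so what else is stored on the message for the non-doAs case is not visible here.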

http://git-wip-us.apache.org/repos/asf/cxf/blob/9be6ef67/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
index c0b8dc8..7992242 100644
--- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
+++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
@@ -55,11 +55,16 @@ public class JAASAuthenticationFilter implements ContainerRequestFilter {
     private String realmName;
     private boolean ignoreBasePath = true;
     
-    private JAASLoginInterceptor interceptor = new JAASLoginInterceptor() {
-        protected CallbackHandler getCallbackHandler(String name, String password) {
-            return JAASAuthenticationFilter.this.getCallbackHandler(name, password);
-        }    
-    };
+    private JAASLoginInterceptor interceptor;
+    
+    public JAASAuthenticationFilter() {
+        interceptor = new JAASLoginInterceptor() {
+            protected CallbackHandler getCallbackHandler(String name, String password) {
+                return JAASAuthenticationFilter.this.getCallbackHandler(name, password);
+            }    
+        };
+        interceptor.setUseDoAs(false);
+    }
     
     @Deprecated
     public void setRolePrefix(String name) {
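Review bot: `interceptor.setUseDoAs(false)` in the new constructor switches Subject.doAs off for every user of JAASAuthenticationFilter, and no delegating setter on the filter is visible in this hunk to switch it back. Resource or authorization code that reads the JAAS subject from the calling context would see a behaviour change after upgrading. I would state this in the class Javadoc, or expose a passthrough such as `public void setUseDoAs(boolean useDoAs) { interceptor.setUseDoAs(useDoAs); }`. Since the field is now assigned exactly once in the constructor, it can also be declared `private final JAASLoginInterceptor interceptor;`. The class body continues outside the hunk.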