Posted to commits@cxf.apache.org by cs...@apache.org on 2014/07/11 18:00:59 UTC
git commit: CXF-5868 Quick Fix for JAASAuthentication filter to run
without doAs
Repository: cxf
Updated Branches:
refs/heads/master e5e77b73c -> 9be6ef67c
CXF-5868 Quick Fix for JAASAuthentication filter to run without doAs
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9be6ef67
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9be6ef67
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9be6ef67
Branch: refs/heads/master
Commit: 9be6ef67c1099992a44e91cf1af48b43123d6cbc
Parents: e5e77b7
Author: Christian Schneider <ch...@die-schneider.net>
Authored: Fri Jul 11 18:00:21 2014 +0200
Committer: Christian Schneider <ch...@die-schneider.net>
Committed: Fri Jul 11 18:00:21 2014 +0200
----------------------------------------------------------------------
.../security/JAASLoginInterceptor.java | 25 ++++++++++++++------
.../security/JAASAuthenticationFilter.java | 15 ++++++++----
2 files changed, 28 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/9be6ef67/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java b/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
index 4600812..24c7bf2 100644
--- a/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
+++ b/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
@@ -33,6 +33,7 @@ import org.apache.cxf.common.security.TokenType;
import org.apache.cxf.common.security.UsernameToken;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.interceptor.InterceptorChain;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
@@ -49,6 +50,7 @@ public class JAASLoginInterceptor extends AbstractPhaseInterceptor<Message> {
private String roleClassifier;
private String roleClassifierType = ROLE_CLASSIFIER_PREFIX;
private boolean reportFault;
+ private boolean useDoAs = true;
public JAASLoginInterceptor() {
@@ -96,6 +98,10 @@ public class JAASLoginInterceptor extends AbstractPhaseInterceptor<Message> {
this.reportFault = reportFault;
}
+ public void setUseDoAs(boolean useDoAs) {
+ this.useDoAs = useDoAs;
+ }
+
public void handleMessage(final Message message) throws Fault {
String name = null;
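Review bot: The new `setUseDoAs` setter has no Javadoc, although the flag changes how downstream code can see the authenticated identity. When it is false the rest of the chain is not run under `Subject.doAs`, so code that looks up the caller with `Subject.getSubject(AccessController.getContext())` will presumably get null and has to read the subject from wherever handleMessage stores it (not visible in this hunk). I would add `/** Whether the remaining chain runs inside Subject.doAs (default true); when false the Subject is not bound to the access control context. */` above the setter. The same sentence fits the `useDoAs` field added in the previous hunk.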
@@ -130,14 +136,19 @@ public class JAASLoginInterceptor extends AbstractPhaseInterceptor<Message> {
// Run the further chain in the context of this subject.
// This allows other code to retrieve the subject using pure JAAS
- Subject.doAs(subject, new PrivilegedAction<Void>() {
+ if (useDoAs) {
+ Subject.doAs(subject, new PrivilegedAction<Void>() {
- @Override
- public Void run() {
- message.getInterceptorChain().doIntercept(message);
- return null;
- }
- });
+ @Override
+ public Void run() {
+ InterceptorChain chain = message.getInterceptorChain();
+ if (chain != null) {
+ chain.doIntercept(message);
+ }
+ return null;
+ }
+ });
+ }
} catch (LoginException ex) {
String errorMessage = "Authentication failed for user " + name + " : " + ex.getMessage();
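Review bot: The `if (chain != null)` guard inside `run()` turns a missing interceptor chain into a silent no-op: the login succeeds, nothing runs under the subject, and nothing is logged. If a null chain only occurs on the JAX-RS filter path, which this commit switches to `useDoAs = false`, the guard may be unnecessary here; otherwise a debug log for the null case would make it visible. The comment above the block still states unconditionally that the further chain runs in the context of the subject; I would reword it to `// If useDoAs is set, run the further chain in the context of this subject so other code can retrieve it using pure JAAS.` The try block of handleMessage starts outside the hunk.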
http://git-wip-us.apache.org/repos/asf/cxf/blob/9be6ef67/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
index c0b8dc8..7992242 100644
--- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
+++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
@@ -55,11 +55,16 @@ public class JAASAuthenticationFilter implements ContainerRequestFilter {
private String realmName;
private boolean ignoreBasePath = true;
- private JAASLoginInterceptor interceptor = new JAASLoginInterceptor() {
- protected CallbackHandler getCallbackHandler(String name, String password) {
- return JAASAuthenticationFilter.this.getCallbackHandler(name, password);
- }
- };
+ private JAASLoginInterceptor interceptor;
+
+ public JAASAuthenticationFilter() {
+ interceptor = new JAASLoginInterceptor() {
+ protected CallbackHandler getCallbackHandler(String name, String password) {
+ return JAASAuthenticationFilter.this.getCallbackHandler(name, password);
+ }
+ };
+ interceptor.setUseDoAs(false);
+ }
@Deprecated
public void setRolePrefix(String name) {
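Review bot: `interceptor.setUseDoAs(false)` is hard-coded in the new constructor without a comment, and as far as this hunk shows the filter has no setter to turn it back on. Resource or provider code behind this filter that makes authorization decisions from the JAAS access control context would no longer find a Subject there, so the line deserves a why-comment such as `// CXF-5868: log in without Subject.doAs; the Subject is not bound to the access control context for this filter.` If the field is not reassigned elsewhere in the class (the rest is outside the hunk), it could also become `private final JAASLoginInterceptor interceptor;` now that it is set in the constructor.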