camel-issues mailing list archives

From "Willem Jiang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CAMEL-5952) Even if we retrieve a javax.security.auth.Subject from Exchange message, the authentication fails
Date Fri, 11 Jan 2013 08:38:19 GMT

    [ https://issues.apache.org/jira/browse/CAMEL-5952?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13550984#comment-13550984 ]

Willem Jiang commented on CAMEL-5952:
-------------------------------------

Hi Charles,

There is an integration test [1] with CXF WS-Security and Spring Security in Camel.
As you already figured out, we need to convert the Subject that we get from CXF to an
AuthenticationToken that Spring Security understands.

[1]https://svn.apache.org/repos/asf/camel/trunk/tests/camel-itest/src/test/java/org/apache/camel/itest/security
                
> Even if we retrieve a javax.security.auth.Subject from Exchange message, the authentication fails
> -------------------------------------------------------------------------------------------------
>
>                 Key: CAMEL-5952
>                 URL: https://issues.apache.org/jira/browse/CAMEL-5952
>             Project: Camel
>          Issue Type: Bug
>    Affects Versions: 2.11.0
>         Environment: camel-spring-security
>            Reporter: Charles Moulliard
>            Assignee: Willem Jiang
>         Attachments: Screen Shot 2013-01-10 at 18.20.48.png
>
>
> When we would like to authenticate a user using camel-spring-security & camel-cxf,
> we get the following message even if we have been able to retrieve a Subject from CamelExchange
> (see screenshot).
> {code}
> Class SpringSecurityPolicyAutorization
>     ...
>     protected Authentication getAuthentication(Message message) {
>         // NOT NULL - SEE SCREENSHOT
>         Subject subject = message.getHeader(Exchange.AUTHENTICATION, Subject.class);
>         Authentication answer = null;
>         if (subject != null) {
>             answer = getAuthenticationAdapter().toAuthentication(subject);
>         }
>         
>         // ANSWER IS NULL as the following code returns null in DefaultAuthenticationAdapter
>     public Authentication toAuthentication(Subject subject) {
>         if (subject == null || subject.getPrincipals().size() == 0) {
>             return null;
>         }
>         Set<Authentication> authentications  = subject.getPrincipals(Authentication.class);
>         
>         // IN OUR CASE, the Set size is equal to zero
>         if (authentications.size() > 0) {
>             // just return the first one 
>             return authentications.iterator().next();
>         } else {
>             return convertToAuthentication(subject);
>         }
>     }
>     /**
>      * You can add the customer convert code here
>      */
>     protected Authentication convertToAuthentication(Subject subject) {
>         return null;        
>     }
> {code}
> Camel Route Config
> {code}
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>        xmlns:cxf="http://camel.apache.org/schema/cxf"
>        xmlns:spring-security="http://www.springframework.org/schema/security"
>        xsi:schemaLocation="
>         http://www.springframework.org/schema/beans
>   		  http://www.springframework.org/schema/beans/spring-beans.xsd
> 	    http://www.springframework.org/schema/security
> 	      http://www.springframework.org/schema/security/spring-security.xsd
>   		http://camel.apache.org/schema/spring
> 		  http://camel.apache.org/schema/spring/camel-spring.xsd
> 		http://camel.apache.org/schema/spring-security
> 		   http://camel.apache.org/schema/spring-security/camel-spring-security.xsd
> 		http://camel.apache.org/schema/cxf
> 		  http://camel.apache.org/schema/cxf/camel-cxf.xsd">
>     <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
>         <property name="allowIfAllAbstainDecisions" value="true"/>
>         <property name="decisionVoters">
>             <list>
>                 <bean class="org.springframework.security.access.vote.RoleVoter"/>
>             </list>
>         </property>
>     </bean>
>     <spring-security:authentication-manager alias="authenticationManager">
>         <spring-security:authentication-provider user-service-ref="userDetailsService"/>
>     </spring-security:authentication-manager>
>     <spring-security:user-service id="userDetailsService">
>         <spring-security:user name="jim" password="jimspassword" authorities="ROLE_USER, ROLE_ADMIN"/>
>         <spring-security:user name="charles" password="charlespassword" authorities="ROLE_USER, ROLE_ADMIN"/>
>         <spring-security:user name="bob" password="bobspassword" authorities="ROLE_USER"/>
>     </spring-security:user-service>
>     <authorizationPolicy id="admin" access="ROLE_ADMIN"
>                          authenticationManager="authenticationManager"
>                          accessDecisionManager="accessDecisionManager"
>                          xmlns="http://camel.apache.org/schema/spring-security"/>
>     <cxf:cxfEndpoint id="WS"
>                      address="http://localhost:9090/training/WebService"
>                      serviceClass="com.fusesource.training.CustomerService">
>         <cxf:outInterceptors>
>             <ref bean="loggingOutInterceptor"/>
>         </cxf:outInterceptors>
>         <cxf:inInterceptors>
>             <ref bean="loggingInInterceptor"/>
>             <ref bean="wss4jInInterceptor"/>
>         </cxf:inInterceptors>
>     </cxf:cxfEndpoint>
>     <bean id="loggingOutInterceptor" class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
>     <bean id="loggingInInterceptor" class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
>     <bean id="wss4jInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>         <constructor-arg>
>             <map>
>                 <entry key="action" value="UsernameToken Timestamp"/>
>                 <entry key="passwordType" value="PasswordDigest"/>
>                 <entry key="passwordCallbackClass" value="com.fusesource.training.camel.UTPasswordCallback"/>
>             </map>
>         </constructor-arg>
>     </bean>
>     <camelContext trace="false" xmlns="http://camel.apache.org/schema/spring">
>         <route id="cxf-to-client">
>             <from uri="cxf:bean:WS"/>
>             <policy ref="admin">
>                <log message=">>> SOAP Action : ${in.header.SOAPAction}"/>
>             </policy>
>         </route>
>     </camelContext>
> </beans>
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
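
The conversion discussed in this thread, as an added example (not code from the Camel project, its integration test, or either poster): a subclass that overrides the `convertToAuthentication` hook quoted above so that it no longer returns null. The class name `SubjectToTokenAdapter`, the package `example` and the constructor-injected `UserDetailsService` are hypothetical; the sketch assumes the Subject carries exactly one user principal and was only populated after the WS-Security interceptor verified the UsernameToken.

```java
package example; // hypothetical package

import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

import org.apache.camel.component.spring.security.DefaultAuthenticationAdapter;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/** Hypothetical adapter: maps a JAAS Subject to a Spring Security token. */
public class SubjectToTokenAdapter extends DefaultAuthenticationAdapter {

    private final UserDetailsService users;

    public SubjectToTokenAdapter(UserDetailsService users) {
        this.users = users;
    }

    @Override
    protected Authentication convertToAuthentication(Subject subject) {
        Set<Principal> principals = subject.getPrincipals();
        // Fail closed: an ambiguous Subject (several principals) is rejected
        // rather than picking one arbitrarily and risking identity confusion.
        if (principals.size() != 1) {
            return null;
        }
        String name = principals.iterator().next().getName();
        if (name == null || name.isEmpty()) {
            return null;
        }
        try {
            // Authorities come from the local user store, never from the message.
            UserDetails user = users.loadUserByUsername(name);
            if (!user.isEnabled() || !user.isAccountNonLocked()) {
                return null;
            }
            // Assumption: the UsernameToken was already verified upstream, so no
            // credential is kept. The three-argument constructor marks the token
            // as authenticated.
            return new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
        } catch (UsernameNotFoundException e) {
            return null; // unknown user: the policy sees no Authentication
        }
    }
}
```

Returning null on every doubtful path keeps the behaviour the report describes for unconvertible subjects, so an unmapped caller is still denied by the policy.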
