cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From veit...@apache.org
Subject svn commit: r917689 [1/2] - in /cxf/sandbox/veithen/cxf-spring-security: ./ cxf-spring-security/ cxf-spring-security/src/ cxf-spring-security/src/main/ cxf-spring-security/src/main/java/ cxf-spring-security/src/main/java/org/ cxf-spring-security/src/ma...
Date Mon, 01 Mar 2010 20:06:27 GMT
Author: veithen
Date: Mon Mar  1 20:06:25 2010
New Revision: 917689

URL: http://svn.apache.org/viewvc?rev=917689&view=rev
Log:
Imported the cxf-spring-security code from the Google code project (r54).

Added:
    cxf/sandbox/veithen/cxf-spring-security/
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/pom.xml   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/AuthenticationManagerAwareBeanDefinitionParser.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/BasicAuthInterceptor.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/CXFSecurityContextProviderInterceptor.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/GenericUsernamePasswordInterceptor.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/NamespaceHandler.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SecurityException.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ServerPasswordCallbackHandler.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SoapAuthenticationInterceptor.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityContextConsumerInterceptor.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityContextFeature.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityExceptionMapper.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityInvokerProxy.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/META-INF/
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/META-INF/spring.handlers
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/META-INF/spring.schemas
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/schemas/
    cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/schemas/spring-security.xsd
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/pom.xml   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/AbstractSpringServer.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/OnewayService.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/OnewayServiceImpl.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringHttpAuthJaxwsOnewayTest.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/log4j.properties
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_http_auth_jaxws_oneway/
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_http_auth_jaxws_oneway/WEB-INF/
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_http_auth_jaxws_oneway/WEB-INF/beans.xml   (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_http_auth_jaxws_oneway/WEB-INF/web.xml   (with props)
    cxf/sandbox/veithen/cxf-spring-security/samples/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-rs/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-rs/pom.xml   (with props)
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-rs/soapui-project.xml   (with props)
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-rs/src/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-rs/src/main/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-rs/src/main/java/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-rs/src/main/java/sample/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-rs/src/main/java/sample/GreeterService.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-rs/src/main/resources/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-rs/src/main/resources/log4j.properties
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-rs/src/main/webapp/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-rs/src/main/webapp/WEB-INF/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-rs/src/main/webapp/WEB-INF/applicationContext.xml   (with props)
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-rs/src/main/webapp/WEB-INF/web.xml   (with props)
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-ws-jms-sample/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-ws-jms-sample/pom.xml   (with props)
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-ws-jms-sample/src/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-ws-jms-sample/src/main/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-ws-jms-sample/src/main/java/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-ws-jms-sample/src/main/java/test/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-ws-jms-sample/src/main/java/test/Test.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-ws-jms-sample/src/main/java/test/calculator/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-ws-jms-sample/src/main/java/test/calculator/impl/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-ws-jms-sample/src/main/java/test/calculator/impl/CalculatorImpl.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-ws-jms-sample/src/main/resources/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-ws-jms-sample/src/main/resources/META-INF/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-ws-jms-sample/src/main/resources/META-INF/wsdl/
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-ws-jms-sample/src/main/resources/META-INF/wsdl/calculator.wsdl
    cxf/sandbox/veithen/cxf-spring-security/samples/jax-ws-jms-sample/src/main/resources/applicationContext.xml   (with props)
    cxf/sandbox/veithen/cxf-spring-security/samples/pom.xml   (with props)
    cxf/sandbox/veithen/cxf-spring-security/samples/wss/
    cxf/sandbox/veithen/cxf-spring-security/samples/wss/pom.xml   (with props)
    cxf/sandbox/veithen/cxf-spring-security/samples/wss/soapui-project.xml   (with props)
    cxf/sandbox/veithen/cxf-spring-security/samples/wss/src/
    cxf/sandbox/veithen/cxf-spring-security/samples/wss/src/main/
    cxf/sandbox/veithen/cxf-spring-security/samples/wss/src/main/java/
    cxf/sandbox/veithen/cxf-spring-security/samples/wss/src/main/java/sample/
    cxf/sandbox/veithen/cxf-spring-security/samples/wss/src/main/java/sample/SampleService.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/samples/wss/src/main/java/sample/SampleServiceImpl.java   (with props)
    cxf/sandbox/veithen/cxf-spring-security/samples/wss/src/main/resources/
    cxf/sandbox/veithen/cxf-spring-security/samples/wss/src/main/resources/log4j.properties
    cxf/sandbox/veithen/cxf-spring-security/samples/wss/src/main/webapp/
    cxf/sandbox/veithen/cxf-spring-security/samples/wss/src/main/webapp/WEB-INF/
    cxf/sandbox/veithen/cxf-spring-security/samples/wss/src/main/webapp/WEB-INF/applicationContext.xml   (with props)
    cxf/sandbox/veithen/cxf-spring-security/samples/wss/src/main/webapp/WEB-INF/web.xml   (with props)

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/pom.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/pom.xml?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/pom.xml (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/pom.xml Mon Mar  1 20:06:25 2010
@@ -0,0 +1,61 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.google.code.cxf-spring-security</groupId>
+    <artifactId>cxf-spring-security</artifactId>
+    <packaging>jar</packaging>
+    <version>2.3.0-SNAPSHOT</version>
+    <name>Apache CXF Spring Security integration</name>
+    <url>http://code.google.com/p/cxf-spring-security/</url>
+
+    <parent>
+        <groupId>org.apache.cxf</groupId>
+        <artifactId>cxf-parent</artifactId>
+        <version>2.3.0-SNAPSHOT</version>
+    </parent>
+    
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-api</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-bindings-soap</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.ws.security</groupId>
+            <artifactId>wss4j</artifactId>
+            <version>1.5.8</version>
+        </dependency>
+        <dependency>
+            <groupId>javax.ws.rs</groupId>
+            <artifactId>jsr311-api</artifactId>
+            <version>1.1</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+            <version>2.0.4</version>
+        </dependency>
+    </dependencies>
+</project>
\ No newline at end of file

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/pom.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/AuthenticationManagerAwareBeanDefinitionParser.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/AuthenticationManagerAwareBeanDefinitionParser.java?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/AuthenticationManagerAwareBeanDefinitionParser.java (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/AuthenticationManagerAwareBeanDefinitionParser.java Mon Mar  1 20:06:25 2010
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.security.spring;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.configuration.spring.SimpleBeanDefinitionParser;
+import org.springframework.beans.factory.support.BeanDefinitionBuilder;
+import org.springframework.beans.factory.xml.ParserContext;
+import org.springframework.security.config.BeanIds;
+
+public class AuthenticationManagerAwareBeanDefinitionParser extends SimpleBeanDefinitionParser {
+    public AuthenticationManagerAwareBeanDefinitionParser(Class<?> beanClass) {
+        super(beanClass);
+    }
+
+    @Override
+    protected void doParse(Element element, ParserContext ctx,
+            BeanDefinitionBuilder bean) {
+        super.doParse(element, ctx, bean);
+        bean.addPropertyReference("authenticationManager", BeanIds.AUTHENTICATION_MANAGER);
+    }
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/AuthenticationManagerAwareBeanDefinitionParser.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/BasicAuthInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/BasicAuthInterceptor.java?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/BasicAuthInterceptor.java (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/BasicAuthInterceptor.java Mon Mar  1 20:06:25 2010
@@ -0,0 +1,119 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.security.spring;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.net.HttpURLConnection;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.transport.Conduit;
+import org.apache.cxf.ws.addressing.EndpointReferenceType;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+
+// Inspired by:
+//  - http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/
+//  - http://markmail.org/message/ej7mm5ynvcnukcbk
+public class BasicAuthInterceptor extends AbstractPhaseInterceptor<Message> {
+    private AuthenticationManager authenticationManager;
+    
+    public BasicAuthInterceptor() {
+        super(Phase.RECEIVE);
+    }
+
+    // TODO: use an afterPropertiesSet to check that an authentication manager is configured
+    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
+        this.authenticationManager = authenticationManager;
+    }
+
+    public void handleMessage(Message inMessage) {
+        AuthorizationPolicy policy = inMessage.get(AuthorizationPolicy.class);
+        boolean sendUnauthorized = true;
+        if (policy != null) {
+            Authentication authentication = new UsernamePasswordAuthenticationToken(
+                    policy.getUserName(), policy.getPassword());
+            try {
+                authentication = authenticationManager.authenticate(authentication);
+                inMessage.getExchange().put(Authentication.class, authentication);
+                sendUnauthorized = false;
+            } catch (AuthenticationException ex) {
+                // TODO: log exception?
+            }
+        }
+        if (sendUnauthorized) {
+            Message outMessage = getOutMessage(inMessage);
+            outMessage.put(Message.RESPONSE_CODE, HttpURLConnection.HTTP_UNAUTHORIZED);
+            setHeader(outMessage, "WWW-Authenticate", "Basic realm=foo"); // TODO: configure realm
+            inMessage.getInterceptorChain().abort();
+            try {
+                getConduit(inMessage).prepare(outMessage);
+                close(outMessage);
+            } catch (IOException ioe) {
+                // REVISIT log etc...
+                ioe.printStackTrace();
+            }
+        }
+    }
+
+    private Message getOutMessage(Message inMessage) {
+        Exchange exchange = inMessage.getExchange();
+        Message outMessage = exchange.getOutMessage();
+        if (outMessage == null) {
+            Endpoint endpoint = exchange.get(Endpoint.class);
+            outMessage = endpoint.getBinding().createMessage();
+            exchange.setOutMessage(outMessage);
+        }
+        outMessage.putAll(inMessage);
+        return outMessage;
+    }
+
+    @SuppressWarnings("unchecked")
+    private void setHeader(Message message, String name, String value) {
+        Map<String, List<String>> responseHeaders = (Map<String, List<String>>)message.get(
+                Message.PROTOCOL_HEADERS);
+        if (responseHeaders != null) {
+            responseHeaders.put(name, Arrays.asList(new String[]{value}));
+        }
+    }
+
+    private Conduit getConduit(Message inMessage) throws IOException {
+        Exchange exchange = inMessage.getExchange();
+        EndpointReferenceType target = exchange.get(EndpointReferenceType.class);
+        Conduit conduit = exchange.getDestination().getBackChannel(inMessage, null, target);
+        exchange.setConduit(conduit);
+        return conduit;
+    }
+
+    private void close(Message outMessage) throws IOException {
+        OutputStream os = outMessage.getContent(OutputStream.class);
+        os.flush();
+        os.close();
+    }
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/BasicAuthInterceptor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/CXFSecurityContextProviderInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/CXFSecurityContextProviderInterceptor.java?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/CXFSecurityContextProviderInterceptor.java (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/CXFSecurityContextProviderInterceptor.java Mon Mar  1 20:06:25 2010
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.security.spring;
+
+import java.security.Principal;
+
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.security.SecurityContext;
+import org.springframework.security.Authentication;
+import org.springframework.security.GrantedAuthority;
+
+public class CXFSecurityContextProviderInterceptor extends AbstractPhaseInterceptor<Message> {
+    public CXFSecurityContextProviderInterceptor() {
+        // TODO: this is almost certainly not the right phase;
+        //       in particular this will probably not work with WS-Security
+        super(Phase.RECEIVE);
+    }
+
+    public void handleMessage(Message message) throws Fault {
+        final Authentication authentication = message.getExchange().get(Authentication.class);
+        if (authentication != null && authentication.isAuthenticated()) {
+            message.put(SecurityContext.class, new SecurityContext() {
+                public Principal getUserPrincipal() {
+                    return authentication;
+                }
+                
+                public boolean isUserInRole(String role) {
+                    GrantedAuthority[] authorities = authentication.getAuthorities();
+                    if (authorities != null) {
+                        for (GrantedAuthority authority : authorities) {
+                            if (role.equals(authority.getAuthority())) {
+                                return true;
+                            }
+                        }
+                    }
+                    return false;
+                }
+            });
+        }
+    }
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/CXFSecurityContextProviderInterceptor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/GenericUsernamePasswordInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/GenericUsernamePasswordInterceptor.java?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/GenericUsernamePasswordInterceptor.java (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/GenericUsernamePasswordInterceptor.java Mon Mar  1 20:06:25 2010
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.security.spring;
+
+import java.util.List;
+import java.util.Map;
+
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.security.Authentication;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+
+public class GenericUsernamePasswordInterceptor extends AbstractPhaseInterceptor<Message>
+        implements InitializingBean {
+    
+    private String usernameHeader;
+    private String passwordHeader;
+
+    public GenericUsernamePasswordInterceptor() {
+        super(Phase.RECEIVE);
+    }
+    
+    public void setUsernameHeader(String usernameHeader) {
+        this.usernameHeader = usernameHeader;
+    }
+
+    public void setPasswordHeader(String passwordHeader) {
+        this.passwordHeader = passwordHeader;
+    }
+
+    public void afterPropertiesSet() throws Exception {
+        if (usernameHeader == null) {
+            throw new IllegalStateException("usernameHeader not set");
+        }
+        if (passwordHeader == null) {
+            throw new IllegalStateException("passwordHeader not set");
+        }
+    }
+
+    public void handleMessage(Message message) throws Fault {
+        Map<String, List<String>> headers = CastUtils.cast((Map<?, ?>)message.get(Message.PROTOCOL_HEADERS));
+        List<String> username = headers.get(usernameHeader);
+        List<String> password = headers.get(passwordHeader);
+        if (username != null && username.size() == 1 && password != null && password.size() == 1) {
+            message.getExchange().put(Authentication.class, new UsernamePasswordAuthenticationToken(
+                    username.get(0), password.get(0)));
+        }
+    }
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/GenericUsernamePasswordInterceptor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/NamespaceHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/NamespaceHandler.java?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/NamespaceHandler.java (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/NamespaceHandler.java Mon Mar  1 20:06:25 2010
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.security.spring;
+
+import org.apache.cxf.configuration.spring.SimpleBeanDefinitionParser;
+import org.springframework.beans.factory.xml.NamespaceHandlerSupport;
+
+public class NamespaceHandler extends NamespaceHandlerSupport {
+    public void init() {
+        registerBeanDefinitionParser("basic-auth-interceptor",
+                new AuthenticationManagerAwareBeanDefinitionParser(BasicAuthInterceptor.class));
+        registerBeanDefinitionParser("server-password-callback-handler",
+                new AuthenticationManagerAwareBeanDefinitionParser(ServerPasswordCallbackHandler.class));
+        registerBeanDefinitionParser("spring-security-context-feature",
+                new SimpleBeanDefinitionParser(SpringSecurityContextFeature.class));
+        registerBeanDefinitionParser("generic-username-password-interceptor",
+                new SimpleBeanDefinitionParser(GenericUsernamePasswordInterceptor.class));
+        registerBeanDefinitionParser("soap-authentication-interceptor",
+                new AuthenticationManagerAwareBeanDefinitionParser(SoapAuthenticationInterceptor.class));
+        registerBeanDefinitionParser("cxf-security-context-provider-interceptor",
+                new SimpleBeanDefinitionParser(CXFSecurityContextProviderInterceptor.class));
+        registerBeanDefinitionParser("spring-security-context-consumer-interceptor",
+                new SimpleBeanDefinitionParser(SpringSecurityContextConsumerInterceptor.class));
+    }
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/NamespaceHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SecurityException.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SecurityException.java?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SecurityException.java (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SecurityException.java Mon Mar  1 20:06:25 2010
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.security.spring;
+
+import java.io.IOException;
+
+import org.springframework.security.AuthenticationException;
+
+/**
+ * Exception used by {@link javax.security.auth.callback.CallbackHandler} implementations
+ * in this package.
+ */
+public class SecurityException extends IOException {
+    private static final long serialVersionUID = 4859993641237505549L;
+
+    /**
+     * Wrap the given {@link AuthenticationException}.
+     * 
+     * @param cause the Spring Security exception
+     */
+    public SecurityException(AuthenticationException cause) {
+        super(cause.getClass().getSimpleName() + ": " + cause.getMessage());
+        initCause(cause);
+    }
+
+    /**
+     * Construct an exception with the specified detail message.
+     *
+     * @param msg the detail message.
+     */
+    public SecurityException(String msg) {
+        super(msg);
+    }
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SecurityException.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ServerPasswordCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ServerPasswordCallbackHandler.java?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ServerPasswordCallbackHandler.java (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ServerPasswordCallbackHandler.java Mon Mar  1 20:06:25 2010
@@ -0,0 +1,96 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.security.spring;
+
+import java.io.IOException;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.PhaseInterceptorChain;
+import org.apache.ws.security.WSPasswordCallback;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+
+public class ServerPasswordCallbackHandler implements CallbackHandler, InitializingBean {
+    private static final Logger LOG = LogUtils.getL7dLogger(
+            ServerPasswordCallbackHandler.class);
+    
+    private AuthenticationManager authenticationManager;
+    private boolean nestExceptions;
+    private boolean logExceptions;
+
+    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
+        this.authenticationManager = authenticationManager;
+    }
+
+    public void setNestExceptions(boolean nestExceptions) {
+        this.nestExceptions = nestExceptions;
+    }
+
+    public void setLogExceptions(boolean logExceptions) {
+        this.logExceptions = logExceptions;
+    }
+
+    public void afterPropertiesSet() throws Exception {
+        if (authenticationManager == null) {
+            throw new IllegalStateException("No authentication manager has been configured");
+        }
+    }
+
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+        for (Callback callback : callbacks) {
+            if (callback instanceof WSPasswordCallback) {
+                WSPasswordCallback pwCallback = (WSPasswordCallback)callback;
+                // TODO: need to check getUsage
+                Authentication authentication = new UsernamePasswordAuthenticationToken(
+                        pwCallback.getIdentifier(), pwCallback.getPassword());
+                try {
+                    authentication = authenticationManager.authenticate(authentication);
+                } catch (AuthenticationException ex) {
+                    throw translateException(ex);
+                }
+                Message message = PhaseInterceptorChain.getCurrentMessage();
+                if (message == null) {
+                    LOG.fine("No current message; can't add the Authentication object to the Exchange.");
+                } else {
+                    message.getExchange().put(Authentication.class, authentication);
+                }
+            } else {
+                throw new UnsupportedCallbackException(callback);
+            }
+        }
+    }
+    
+    private SecurityException translateException(AuthenticationException ex) {
+        if (logExceptions) {
+            LogUtils.log(LOG, Level.WARNING, "Authentication failed", ex);
+        }
+        return nestExceptions ? new SecurityException(ex) : new SecurityException("Authentication failed");
+    }
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ServerPasswordCallbackHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SoapAuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SoapAuthenticationInterceptor.java?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SoapAuthenticationInterceptor.java (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SoapAuthenticationInterceptor.java Mon Mar  1 20:06:25 2010
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.security.spring;
+
+import org.apache.cxf.binding.soap.SoapFault;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.AuthenticationManager;
+
+public class SoapAuthenticationInterceptor extends AbstractPhaseInterceptor<SoapMessage>
+        implements InitializingBean {
+    
+    private AuthenticationManager authenticationManager;
+    private boolean authenticationRequired = true;
+    
+    public SoapAuthenticationInterceptor() {
+        super(Phase.RECEIVE);
+    }
+    
+    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
+        this.authenticationManager = authenticationManager;
+    }
+
+    public void setAuthenticationRequired(boolean authenticationRequired) {
+        this.authenticationRequired = authenticationRequired;
+    }
+
+    public void afterPropertiesSet() throws Exception {
+        if (authenticationManager == null) {
+            throw new IllegalStateException("No authentication manager has been configured");
+        }
+    }
+
+    public void handleMessage(SoapMessage message) throws Fault {
+        Authentication authentication = message.getExchange().get(Authentication.class);
+        if (authentication != null) {
+            try {
+                authentication = authenticationManager.authenticate(authentication);
+                message.getExchange().put(Authentication.class, authentication);
+            } catch (AuthenticationException ex) {
+                throw new SoapFault("Bad credentials", message.getVersion().getSender());
+            }
+        } else if (authenticationRequired) {
+            throw new SoapFault("Authentication required", message.getVersion().getSender());
+        }
+    }
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SoapAuthenticationInterceptor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityContextConsumerInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityContextConsumerInterceptor.java?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityContextConsumerInterceptor.java (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityContextConsumerInterceptor.java Mon Mar  1 20:06:25 2010
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.security.spring;
+
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.springframework.security.Authentication;
+import org.springframework.security.context.SecurityContextHolder;
+
+public class SpringSecurityContextConsumerInterceptor extends AbstractPhaseInterceptor<Message> {
+    public SpringSecurityContextConsumerInterceptor() {
+        // TODO: choose right phase
+        super(Phase.RECEIVE);
+    }
+
+    public void handleMessage(Message message) throws Fault {
+        message.getExchange().put(Authentication.class,
+                SecurityContextHolder.getContext().getAuthentication());
+    }
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityContextConsumerInterceptor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityContextFeature.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityContextFeature.java?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityContextFeature.java (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityContextFeature.java Mon Mar  1 20:06:25 2010
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.security.spring;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.endpoint.Server;
+import org.apache.cxf.feature.AbstractFeature;
+import org.apache.cxf.service.Service;
+
+public class SpringSecurityContextFeature extends AbstractFeature {
+    @Override
+    public void initialize(Server server, Bus bus) {
+        Service service = server.getEndpoint().getService();
+        service.setInvoker(new SpringSecurityInvokerProxy(service.getInvoker()));
+    }
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityContextFeature.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityExceptionMapper.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityExceptionMapper.java?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityExceptionMapper.java (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityExceptionMapper.java Mon Mar  1 20:06:25 2010
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.security.spring;
+
+import javax.ws.rs.core.Response;
+import javax.ws.rs.ext.ExceptionMapper;
+
+import org.springframework.security.AccessDeniedException;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.SpringSecurityException;
+
+public class SpringSecurityExceptionMapper implements ExceptionMapper<SpringSecurityException> {
+    public Response toResponse(SpringSecurityException exception) {
+        Response.Status status;
+        if (exception instanceof AccessDeniedException) {
+            // This means that the principal doesn't have the required authority and we should return 403.
+            status = Response.Status.FORBIDDEN;
+        } else if (exception instanceof AuthenticationException) {
+            // This means that the client could not be authenticated. In this case the client may want to
+            // send (new) credentials and we should return 401.
+            status = Response.Status.UNAUTHORIZED;
+        } else {
+            // Everything else is a server problem.
+            status = Response.Status.INTERNAL_SERVER_ERROR;
+        }
+        return Response.status(status).build();
+    }
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityExceptionMapper.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityInvokerProxy.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityInvokerProxy.java?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityInvokerProxy.java (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityInvokerProxy.java Mon Mar  1 20:06:25 2010
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.security.spring;
+
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.service.invoker.Invoker;
+import org.springframework.security.Authentication;
+import org.springframework.security.context.SecurityContext;
+import org.springframework.security.context.SecurityContextHolder;
+
+public class SpringSecurityInvokerProxy implements Invoker {
+    private final Invoker target;
+    
+    public SpringSecurityInvokerProxy(Invoker target) {
+        this.target = target;
+    }
+
+    public Object invoke(Exchange exchange, Object o) {
+        Authentication authentication = exchange.get(Authentication.class);
+        SecurityContext securityContext = SecurityContextHolder.getContext();
+        securityContext.setAuthentication(authentication);
+        try {
+            return target.invoke(exchange, o);
+        } finally {
+            securityContext.setAuthentication(null);
+        }
+    }
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/SpringSecurityInvokerProxy.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/META-INF/spring.handlers
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/META-INF/spring.handlers?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/META-INF/spring.handlers (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/META-INF/spring.handlers Mon Mar  1 20:06:25 2010
@@ -0,0 +1,21 @@
+#
+#
+#    Licensed to the Apache Software Foundation (ASF) under one
+#    or more contributor license agreements. See the NOTICE file
+#    distributed with this work for additional information
+#    regarding copyright ownership. The ASF licenses this file
+#    to you under the Apache License, Version 2.0 (the
+#    "License"); you may not use this file except in compliance
+#    with the License. You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing,
+#    software distributed under the License is distributed on an
+#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#    KIND, either express or implied. See the License for the
+#    specific language governing permissions and limitations
+#    under the License.
+#
+#
+http\://cxf.apache.org/spring-security=org.apache.cxf.security.spring.NamespaceHandler

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/META-INF/spring.schemas
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/META-INF/spring.schemas?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/META-INF/spring.schemas (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/META-INF/spring.schemas Mon Mar  1 20:06:25 2010
@@ -0,0 +1,22 @@
+#
+#
+#    Licensed to the Apache Software Foundation (ASF) under one
+#    or more contributor license agreements. See the NOTICE file
+#    distributed with this work for additional information
+#    regarding copyright ownership. The ASF licenses this file
+#    to you under the Apache License, Version 2.0 (the
+#    "License"); you may not use this file except in compliance
+#    with the License. You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing,
+#    software distributed under the License is distributed on an
+#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#    KIND, either express or implied. See the License for the
+#    specific language governing permissions and limitations
+#    under the License.
+#
+#
+#http\://cxf.apache.org/schemas/spring-security.xsd=schemas/spring-security.xsd
+http\://cxf-spring-security.googlecode.com/svn/trunk/cxf-spring-security/src/main/resources/schemas/spring-security.xsd=schemas/spring-security.xsd
\ No newline at end of file

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/schemas/spring-security.xsd
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/schemas/spring-security.xsd?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/schemas/spring-security.xsd (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/resources/schemas/spring-security.xsd Mon Mar  1 20:06:25 2010
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+            xmlns:beans="http://www.springframework.org/schema/beans"
+            xmlns="http://cxf.apache.org/spring-security"
+            targetNamespace="http://cxf.apache.org/spring-security" 
+            elementFormDefault="qualified">
+    <xsd:import namespace="http://www.springframework.org/schema/beans" schemaLocation="http://www.springframework.org/schema/beans/spring-beans-2.5.xsd"/>
+    
+    <xsd:element name="basic-auth-interceptor">
+        <xsd:complexType>
+            <xsd:complexContent>
+                <xsd:extension base="beans:identifiedType"/>
+            </xsd:complexContent>
+        </xsd:complexType>
+    </xsd:element>
+    <xsd:element name="server-password-callback-handler">
+        <xsd:annotation>
+            <xsd:documentation>
+                Password callback handler suitable for use with org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+            <xsd:complexContent>
+                <xsd:extension base="beans:identifiedType">
+                    <xsd:attribute name="nestExceptions" type="xsd:boolean">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Specifies whether AuthenticationExceptions should be nested in the exceptions thrown by the callback handler.
+                                When enabled, error messages from the AuthenticationExceptions will appear in the SOAP fault returned to the
+                                client. This should be used with care since it may disclose too much information to the client.
+                             </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:attribute>
+                    <xsd:attribute name="logExceptions" type="xsd:boolean">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Specifies whether AuthenticationExceptions should be logged. When enabled, AuthenticationExceptions will
+                                be logged at level WARN. This is especially useful if nestExceptions is false.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:attribute>
+                </xsd:extension>
+            </xsd:complexContent>
+        </xsd:complexType>
+    </xsd:element>
+    <xsd:element name="spring-security-context-feature">
+        <xsd:complexType>
+            <xsd:complexContent>
+                <xsd:extension base="beans:identifiedType"/>
+            </xsd:complexContent>
+        </xsd:complexType>
+    </xsd:element>
+    <xsd:element name="generic-username-password-interceptor">
+        <xsd:complexType>
+            <xsd:complexContent>
+                <xsd:extension base="beans:identifiedType">
+                    <xsd:attribute name="usernameHeader" type="xsd:string" use="required"/>
+                    <xsd:attribute name="passwordHeader" type="xsd:string" use="required"/>
+                </xsd:extension>
+            </xsd:complexContent>
+        </xsd:complexType>
+    </xsd:element>
+    <xsd:element name="soap-authentication-interceptor">
+        <xsd:complexType>
+            <xsd:complexContent>
+                <xsd:extension base="beans:identifiedType">
+                    <xsd:attribute name="authenticationRequired" type="xsd:boolean" default="true"/>
+                </xsd:extension>
+            </xsd:complexContent>
+        </xsd:complexType>
+    </xsd:element>
+    <xsd:element name="cxf-security-context-provider-interceptor">
+        <xsd:annotation>
+            <xsd:documentation>
+                This interceptor builds an org.apache.cxf.security.SecurityContext object from an
+                an authenticated Authentication object found in the current Exchange and adds it
+                to the current message. Authorities in the Authentication object are mapped
+                one-to-one to roles in the SecurityContext.
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+            <xsd:complexContent>
+                <xsd:extension base="beans:identifiedType"/>
+            </xsd:complexContent>
+        </xsd:complexType>
+    </xsd:element>
+    <xsd:element name="spring-security-context-consumer-interceptor">
+        <xsd:annotation>
+            <xsd:documentation>
+                This interceptor gets the Authentication object from the current
+                org.springframework.security.context.SecurityContext stored by SecurityContextHolder
+                and adds it to the current Exchange.
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+            <xsd:complexContent>
+                <xsd:extension base="beans:identifiedType"/>
+            </xsd:complexContent>
+        </xsd:complexType>
+    </xsd:element>
+</xsd:schema>

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/pom.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/pom.xml?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/pom.xml (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/pom.xml Mon Mar  1 20:06:25 2010
@@ -0,0 +1,93 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.google.code.cxf-spring-security</groupId>
+    <artifactId>cxf-systests-spring-security</artifactId>
+    <packaging>jar</packaging>
+    <version>2.3.0-SNAPSHOT</version>
+    <name>Apache CXF Spring Security integration :: Systests</name>
+    <url>http://code.google.com/p/cxf-spring-security/</url>
+
+    <parent>
+        <groupId>org.apache.cxf</groupId>
+        <artifactId>cxf-parent</artifactId>
+        <version>2.3.0-SNAPSHOT</version>
+    </parent>
+    
+    <properties>
+        <slf4j.version>1.4.3</slf4j.version>
+    </properties>
+    
+    <dependencies>
+        <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>cxf-spring-security</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-testutils</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-transports-http-jetty</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-frontend-jaxws</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <!-- Required by in-memory user details service -->
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-tx</artifactId>
+            <version>${spring.version}</version>
+            <scope>test</scope>
+        </dependency>
+        
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>${slf4j.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-log4j12</artifactId>
+            <version>${slf4j.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>log4j</groupId>
+            <artifactId>log4j</artifactId>
+            <version>1.2.14</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+</project>
\ No newline at end of file

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/pom.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/AbstractSpringServer.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/AbstractSpringServer.java?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/AbstractSpringServer.java (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/AbstractSpringServer.java Mon Mar  1 20:06:25 2010
@@ -0,0 +1,96 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.security;
+
+import java.net.URISyntaxException;
+
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+import org.mortbay.jetty.Connector;
+import org.mortbay.jetty.Handler;
+import org.mortbay.jetty.handler.DefaultHandler;
+import org.mortbay.jetty.handler.HandlerCollection;
+import org.mortbay.jetty.nio.SelectChannelConnector;
+import org.mortbay.jetty.webapp.WebAppContext;
+
+// Note: Code copied from cxf-systests-jaxrs
+public abstract class AbstractSpringServer extends AbstractBusTestServerBase {
+
+    private org.mortbay.jetty.Server server;
+    private String resourcePath;
+    private String contextPath;
+    private int port;
+    
+    protected AbstractSpringServer(String path) {
+        this(path, "/", 9080);
+    }
+    
+    protected AbstractSpringServer(String path, int portNumber) {
+        this(path, "/", portNumber);
+    }
+    
+    protected AbstractSpringServer(String path, String cPath, int portNumber) {
+        resourcePath = path;
+        contextPath = cPath;
+        port = portNumber;
+    }
+    
+    protected void run() {
+        System.out.println("Starting Server");
+
+        server = new org.mortbay.jetty.Server();
+
+        SelectChannelConnector connector = new SelectChannelConnector();
+        connector.setPort(port);
+        server.setConnectors(new Connector[] {connector});
+
+        WebAppContext webappcontext = new WebAppContext();
+        webappcontext.setContextPath(contextPath);
+
+        String warPath = null;
+        try {
+            warPath = getClass().getResource(resourcePath).toURI().getPath();
+        } catch (URISyntaxException e1) {
+            e1.printStackTrace();
+        }
+        
+        webappcontext.setWar(warPath);
+
+        HandlerCollection handlers = new HandlerCollection();
+        handlers.setHandlers(new Handler[] {webappcontext, new DefaultHandler()});
+
+        server.setHandler(handlers);
+        try {
+            server.start();
+                       
+        } catch (Exception e) {
+            e.printStackTrace();
+        }     
+    }
+    
+    public void tearDown() throws Exception {
+        super.tearDown();
+        if (server != null) {
+            server.stop();
+            server.destroy();
+            server = null;
+        }
+    }
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/AbstractSpringServer.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/OnewayService.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/OnewayService.java?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/OnewayService.java (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/OnewayService.java Mon Mar  1 20:06:25 2010
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.security;
+
+import javax.jws.Oneway;
+import javax.jws.WebMethod;
+import javax.jws.WebService;
+
+@WebService
+public interface OnewayService {
+    @Oneway
+    @WebMethod
+    void testOneway(String param);
+    
+    @WebMethod
+    String getLastCaller();
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/OnewayService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/OnewayServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/OnewayServiceImpl.java?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/OnewayServiceImpl.java (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/OnewayServiceImpl.java Mon Mar  1 20:06:25 2010
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.security;
+
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.LinkedBlockingQueue;
+import java.util.concurrent.TimeUnit;
+
+import org.springframework.security.Authentication;
+import org.springframework.security.context.SecurityContextHolder;
+
+public class OnewayServiceImpl implements OnewayService {
+    // Since testOneway is invoked asynchronously, we need a queue here
+    private BlockingQueue<String> lastCallerQueue = new LinkedBlockingQueue<String>();
+    
+    public void testOneway(String param) {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        lastCallerQueue.add(authentication == null ? null : authentication.getName());
+    }
+
+    public String getLastCaller() {
+        try {
+            return lastCallerQueue.poll(60, TimeUnit.SECONDS);
+        } catch (InterruptedException ex) {
+            Thread.currentThread().interrupt();
+            return null;
+        }
+    }
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/OnewayServiceImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringHttpAuthJaxwsOnewayTest.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringHttpAuthJaxwsOnewayTest.java?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringHttpAuthJaxwsOnewayTest.java (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringHttpAuthJaxwsOnewayTest.java Mon Mar  1 20:06:25 2010
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.security;
+
+import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
+import org.apache.cxf.testutil.common.AbstractClientServerTestBase;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class SpringHttpAuthJaxwsOnewayTest extends AbstractClientServerTestBase {
+    public static class SpringServer extends AbstractSpringServer {
+        public SpringServer() {
+            super("/security_spring_http_auth_jaxws_oneway");
+        }
+        
+        public static void main(String args[]) {
+            try {
+                SpringServer s = new SpringServer();
+                s.start();
+            } catch (Exception ex) {
+                ex.printStackTrace();
+                System.exit(-1);
+            } finally {
+                System.out.println("done!");
+            }
+        }
+    }
+    
+    @BeforeClass
+    public static void beforeClass() throws Exception {
+        assertTrue(launchServer(SpringServer.class));
+    }
+    
+    @Test
+    public void test() {
+        JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
+        factory.setServiceClass(OnewayService.class);
+        factory.setAddress("http://localhost:9080/oneway");
+        factory.setUsername("joe");
+        factory.setPassword("password");
+        OnewayService service = (OnewayService)factory.create();
+        service.testOneway("test");
+        assertEquals("joe", service.getLastCaller());
+    }
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringHttpAuthJaxwsOnewayTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/log4j.properties
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/log4j.properties?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/log4j.properties (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/log4j.properties Mon Mar  1 20:06:25 2010
@@ -0,0 +1,9 @@
+# Set root logger level to DEBUG and its only appender to A1.
+log4j.rootLogger=INFO, A1
+
+# A1 is set to be a ConsoleAppender.
+log4j.appender.A1=org.apache.log4j.ConsoleAppender
+
+# A1 uses PatternLayout.
+log4j.appender.A1.layout=org.apache.log4j.PatternLayout
+log4j.appender.A1.layout.ConversionPattern=%-5p %c %x - %m%n

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_http_auth_jaxws_oneway/WEB-INF/beans.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_http_auth_jaxws_oneway/WEB-INF/beans.xml?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_http_auth_jaxws_oneway/WEB-INF/beans.xml (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_http_auth_jaxws_oneway/WEB-INF/beans.xml Mon Mar  1 20:06:25 2010
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:security="http://www.springframework.org/schema/security"
+       xmlns:ssec="http://cxf.apache.org/spring-security"
+       xmlns:jaxws="http://cxf.apache.org/jaxws"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd
+                           http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
+                           http://cxf.apache.org/spring-security http://cxf-spring-security.googlecode.com/svn/trunk/cxf-spring-security/src/main/resources/schemas/spring-security.xsd">
+
+    <import resource="classpath:META-INF/cxf/cxf.xml"/>
+    <import resource="classpath*:META-INF/cxf/cxf-*.xml"/>
+    <import resource="classpath:META-INF/cxf/cxf-servlet.xml"/>
+
+    <security:http>
+        <security:intercept-url pattern="/**" access="ROLE_USER"/>
+        <security:http-basic/>
+    </security:http>
+    
+    <security:authentication-provider>
+        <security:user-service>
+            <security:user name="joe" password="password" authorities="ROLE_USER"/>
+            <security:user name="bob" password="password" authorities="ROLE_USER"/>
+        </security:user-service>
+    </security:authentication-provider>
+
+    <jaxws:server serviceClass="org.apache.cxf.systest.security.OnewayService" address="/oneway">
+        <jaxws:serviceBean>
+            <bean class="org.apache.cxf.systest.security.OnewayServiceImpl"/>
+        </jaxws:serviceBean>
+        <jaxws:inInterceptors>
+            <ssec:spring-security-context-consumer-interceptor/>
+        </jaxws:inInterceptors>
+        <jaxws:features>
+            <ssec:spring-security-context-feature/>
+        </jaxws:features>
+    </jaxws:server>
+</beans>

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_http_auth_jaxws_oneway/WEB-INF/beans.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_http_auth_jaxws_oneway/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_http_auth_jaxws_oneway/WEB-INF/web.xml?rev=917689&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_http_auth_jaxws_oneway/WEB-INF/web.xml (added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_http_auth_jaxws_oneway/WEB-INF/web.xml Mon Mar  1 20:06:25 2010
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE web-app
+    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+    "http://java.sun.com/dtd/web-app_2_3.dtd">
+<!--
+	Licensed to the Apache Software Foundation (ASF) under one
+	or more contributor license agreements. See the NOTICE file
+	distributed with this work for additional information
+	regarding copyright ownership. The ASF licenses this file
+	to you under the Apache License, Version 2.0 (the
+	"License"); you may not use this file except in compliance
+	with the License. You may obtain a copy of the License at
+	
+	http://www.apache.org/licenses/LICENSE-2.0
+	
+	Unless required by applicable law or agreed to in writing,
+	software distributed under the License is distributed on an
+	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+	KIND, either express or implied. See the License for the
+	specific language governing permissions and limitations
+	under the License.
+-->
+<!-- START SNIPPET: webxml -->
+<web-app>
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>WEB-INF/beans.xml</param-value>
+	</context-param>
+
+	<listener>
+		<listener-class>
+			org.springframework.web.context.ContextLoaderListener
+		</listener-class>
+	</listener>
+
+    <filter>
+      <filter-name>springSecurityFilterChain</filter-name>
+      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+    </filter>
+  
+    <filter-mapping>
+      <filter-name>springSecurityFilterChain</filter-name>
+      <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+	<servlet>
+		<servlet-name>CXFServlet</servlet-name>
+		<display-name>CXF Servlet</display-name>
+		<servlet-class>
+			org.apache.cxf.transport.servlet.CXFServlet
+		</servlet-class>
+		<load-on-startup>1</load-on-startup>
+	</servlet>
+
+	<servlet-mapping>
+		<servlet-name>CXFServlet</servlet-name>
+		<url-pattern>/*</url-pattern>
+	</servlet-mapping>
+</web-app>
+<!-- END SNIPPET: webxml -->

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_http_auth_jaxws_oneway/WEB-INF/web.xml
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message