From serg...@apache.org
Subject svn commit: r936521 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ rt/ws/security/sr...
Date Wed, 21 Apr 2010 21:33:23 GMT
Author: sergeyb
Date: Wed Apr 21 21:33:22 2010
New Revision: 936521

URL: http://svn.apache.org/viewvc?rev=936521&view=rev
Log:
CXF-2754: addressing a case where UsernameTokenInterceptor is used in policy-first cases 

Added:
    cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java
  (with props)
    cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml
  (with props)
    cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java
  (with props)
    cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
  (with props)
    cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml
  (with props)
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/UsernameTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=936521&r1=936520&r2=936521&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Wed Apr 21 21:33:22 2010
@@ -30,6 +30,8 @@ import java.util.Set;
 public final class SecurityConstants {
     public static final String USERNAME = "ws-security.username";
     public static final String PASSWORD = "ws-security.password";
+    public static final String VALIDATE_PASSWORD = "ws-security.validate.password";
+    
     public static final String CALLBACK_HANDLER = "ws-security.callback-handler";
     
     public static final String SIGNATURE_USERNAME = "ws-security.signature.username";
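Review bot: The new `VALIDATE_PASSWORD` constant has no Javadoc, and it is a security-relevant switch rather than a plain property name: UsernameTokenInterceptor.getPrincipal (in this same commit) treats an absent or true value as "validate the token with wss4j" and any other value as "parse the token and skip password validation", so a reader of this class cannot see what turning it off gives up. Suggest a Javadoc such as `/** Set to false to skip wss4j password validation of inbound UsernameTokens; the token is then only parsed and a subclass of UsernameTokenInterceptor is expected to authenticate the user in createSubject(). Defaults to true. */`. The other constants in the visible hunk are undocumented too, but this one is the only one whose misuse weakens authentication.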

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java?rev=936521&r1=936520&r2=936521&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
Wed Apr 21 21:33:22 2010
@@ -158,7 +158,7 @@ public final class WSSecurityPolicyLoade
         reg.register(new WSSecurityInterceptorProvider());
         reg.register(new HttpsTokenInterceptorProvider());
         reg.register(new IssuedTokenInterceptorProvider());
-        reg.register(new UsernameTokenInterceptorProvider());
+        reg.register(new UsernameTokenInterceptorProvider(bus));
         reg.register(new SecureConversationTokenInterceptorProvider());
     }
 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/UsernameTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/UsernameTokenInterceptorProvider.java?rev=936521&r1=936520&r2=936521&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/UsernameTokenInterceptorProvider.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/UsernameTokenInterceptorProvider.java
Wed Apr 21 21:33:22 2010
@@ -24,6 +24,7 @@ import java.util.Collection;
 
 import javax.xml.namespace.QName;
 
+import org.apache.cxf.Bus;
 import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor;
@@ -40,9 +41,19 @@ public class UsernameTokenInterceptorPro
     }
 
     public UsernameTokenInterceptorProvider() {
+        this(new UsernameTokenInterceptor());
+    }
+    
+    public UsernameTokenInterceptorProvider(Bus bus) {
+        this((UsernameTokenInterceptor)
+             bus.getProperty("org.apache.cxf.ws.security.usernametoken.interceptor"));
+    }
+    
+    public UsernameTokenInterceptorProvider(UsernameTokenInterceptor inInterceptor) {
         super(ASSERTION_TYPES);
         this.getOutInterceptors().add(new UsernameTokenInterceptor());
-        this.getInInterceptors().add(new UsernameTokenInterceptor());
+        this.getInInterceptors().add(inInterceptor == null ? new UsernameTokenInterceptor()
: inInterceptor);
         //not needed on fault chains
     }
+    
 }
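Review bot: The `Bus` constructor casts `bus.getProperty("org.apache.cxf.ws.security.usernametoken.interceptor")` straight to `UsernameTokenInterceptor`, so a bus property wired to a bean of the wrong type fails at provider registration with a bare ClassCastException that names neither the property nor the offending class, and the property key is a magic literal that the server configuration has to spell identically. Since `this(...)` must be the first statement, move the lookup into a small static helper that returns null when unset and fails fast with a descriptive message otherwise; the key would be better as a public constant next to `VALIDATE_PASSWORD` in SecurityConstants. Only the inbound interceptor is configurable while the outbound one is always `new UsernameTokenInterceptor()`; if that asymmetry is intended, a one-line comment on the third constructor (`// only the in-interceptor is customizable; the out-interceptor needs no callback hook`) would save the next reader the question.
```java
    public UsernameTokenInterceptorProvider(Bus bus) {
        this(getConfiguredInInterceptor(bus));
    }

    // Reads the optional custom in-interceptor from the bus; a bean of the wrong type
    // fails fast with a message naming the property instead of a bare ClassCastException.
    private static UsernameTokenInterceptor getConfiguredInInterceptor(Bus bus) {
        Object value = bus == null ? null
            : bus.getProperty("org.apache.cxf.ws.security.usernametoken.interceptor");
        if (value == null) {
            return null;
        }
        if (!(value instanceof UsernameTokenInterceptor)) {
            throw new IllegalArgumentException(
                "org.apache.cxf.ws.security.usernametoken.interceptor must be a "
                + UsernameTokenInterceptor.class.getName() + " but is " + value.getClass().getName());
        }
        return (UsernameTokenInterceptor)value;
    }
    // … unchanged: no-arg and UsernameTokenInterceptor constructors …
```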

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java?rev=936521&r1=936520&r2=936521&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
Wed Apr 21 21:33:22 2010
@@ -27,6 +27,7 @@ import java.util.Set;
 import java.util.Vector;
 import java.util.logging.Logger;
 
+import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
 import javax.xml.namespace.QName;
 
@@ -75,7 +76,6 @@ public class UsernameTokenInterceptor ex
         HEADERS.add(new QName(WSConstants.WSSE11_NS, "Security"));
     }
 
-
     /**
      * @param p
      */
@@ -124,11 +124,8 @@ public class UsernameTokenInterceptor ex
         Element child = DOMUtils.getFirstElement(el);
         while (child != null) {
             if (SPConstants.USERNAME_TOKEN.equals(child.getLocalName())) {
-                UsernameTokenProcessor p = new UsernameTokenProcessor();
-                
                 try  {
-                    final WSUsernameTokenPrincipal princ = p.handleUsernameToken(child, 
-                                                                           getCallback(message));
+                    final WSUsernameTokenPrincipal princ = getPrincipal(child, message);
                     if (princ != null) {
                         Vector<WSSecurityEngineResult>v = new Vector<WSSecurityEngineResult>();
                         v.add(0, new WSSecurityEngineResult(WSConstants.UT, princ, null,
null, null));
@@ -145,15 +142,10 @@ public class UsernameTokenInterceptor ex
                         message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, princ);        
          
                         SecurityContext sc = message.get(SecurityContext.class);
                         if (sc == null || sc.getUserPrincipal() == null) {
-                            SecurityContext c = new SecurityContext() {
-                                public Principal getUserPrincipal() {
-                                    return princ;
-                                }
-                                public boolean isUserInRole(String role) {
-                                    return false;
-                                }
-                            };
-                            message.put(SecurityContext.class, c);
+                            Subject subject = createSubject(princ.getName(), princ.getPassword(),
+                                princ.isPasswordDigest(), princ.getNonce(), princ.getCreatedTime());
+                            message.put(SecurityContext.class, 
+                                        createSecurityContext(princ, subject));
                         }
 
                     }
@@ -165,6 +157,56 @@ public class UsernameTokenInterceptor ex
         }
     }
 
+    protected WSUsernameTokenPrincipal getPrincipal(Element tokenElement, SoapMessage message)
+        throws WSSecurityException {
+        
+        Object validateProperty = message.getContextualProperty(SecurityConstants.VALIDATE_PASSWORD);
+        if (validateProperty == null || MessageUtils.isTrue(validateProperty)) {
+            UsernameTokenProcessor p = new UsernameTokenProcessor();
+            return p.handleUsernameToken(tokenElement, getCallback(message));
+        } else {
+            return parseTokenAndCreatePrincipal(tokenElement);
+        }
+    }
+    
+    protected WSUsernameTokenPrincipal parseTokenAndCreatePrincipal(Element tokenElement)

+        throws WSSecurityException {
+        org.apache.ws.security.message.token.UsernameToken ut = 
+            new org.apache.ws.security.message.token.UsernameToken(tokenElement, false);
+        
+        WSUsernameTokenPrincipal principal = new WSUsernameTokenPrincipal(ut.getName(), ut.isHashed());
+        principal.setNonce(ut.getNonce());
+        principal.setPassword(ut.getPassword());
+        principal.setCreatedTime(ut.getCreated());
+        principal.setPasswordType(ut.getPasswordType());
+
+        return principal;
+    }
+    
+    protected SecurityContext createSecurityContext(final Principal p, Subject subject) {
+        return new DefaultSecurityContext(p, subject);
+    }
+    
+    /**
+     * Create a Subject representing a current user and its roles. 
+     * This Subject is expected to contain at least one Principal representing a user
+     * and optionally followed by one or more principal Groups this user is a member of.
+     * @param name username
+     * @param password password
+     * @param isDigest true if a password digest is used
+     * @param nonce optional nonce
+     * @param created optional timestamp
+     * @return subject
+     * @throws SecurityException
+     */
+    protected Subject createSubject(String name, 
+                                    String password, 
+                                    boolean isDigest,
+                                    String nonce,
+                                    String created) throws SecurityException {
+        return null;
+    }
+    
     private UsernameToken assertUsernameTokens(SoapMessage message, WSUsernameTokenPrincipal
princ) {
         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
         Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.USERNAME_TOKEN);
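Review bot: The Javadoc on `createSubject` does not say that it becomes the only authentication step once `VALIDATE_PASSWORD` is false: `getPrincipal` then returns `parseTokenAndCreatePrincipal`, which copies name, password, nonce and created time out of the token without any check, and the base `createSubject` returns null, so an override that merely maps a username to groups would accept any credential. Add to the Javadoc something like `When SecurityConstants.VALIDATE_PASSWORD is false the password (or digest, together with nonce and created) has NOT been verified by wss4j; the override must verify it and throw SecurityException on failure. Returning null means no Subject and no roles.` `parseTokenAndCreatePrincipal` and `createSecurityContext` have no Javadoc at all; a one-line summary on each (`Builds a principal from the token element without validating the password.` and `Wraps the principal and the possibly-null Subject in a DefaultSecurityContext.`) would make the split between parsing and authentication visible. Whether `DefaultSecurityContext` tolerates a null Subject is not visible in this hunk and is worth confirming, since the base `createSubject` always returns null and the previous anonymous SecurityContext answered `isUserInRole` with false.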
@@ -338,4 +380,6 @@ public class UsernameTokenInterceptor ex
         }
         throw new PolicyException(reason);
     }
+    
+    
 }

Added: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java?rev=936521&view=auto
==============================================================================
--- cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java
(added)
+++ cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java
Wed Apr 21 21:33:22 2010
@@ -0,0 +1,110 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.wssec10;
+
+
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.ws.wssec10.server.AuthorizedServer;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import wssec.wssec10.IPingService;
+import wssec.wssec10.PingService;
+
+
+/**
+ *
+ */
+public class WSSecurity10UsernameAuthorizationTest extends AbstractBusClientServerTestBase
{
+    
+    private static final String INPUT = "foo";
+    
+    @BeforeClass
+    public static void startServers() throws Exception {
+
+        assertTrue(
+            "Server failed to launch",
+            // run the server in the same process
+            // set this to false to fork
+            launchServer(AuthorizedServer.class, true)
+        );
+    }
+
+    @Test
+    public void testClientServerAuthorized() {
+
+        IPingService port = getPort(
+            "org/apache/cxf/systest/ws/wssec10/client/client_restricted.xml");
+        
+        final String output = port.echo(INPUT);
+        assertEquals(INPUT, output);
+    }
+    
+    @Test
+    public void testClientServerUnauthorized() {
+
+        IPingService port = getPort(
+            "org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml");
+        
+        try {
+            port.echo(INPUT);
+            fail("Frank is unauthorized");
+        } catch (Exception ex) {
+            assertEquals("Unauthorized", ex.getMessage());
+        }
+    }
+    
+    private static IPingService getPort(String configName) {
+        Bus bus = new SpringBusFactory().createBus(configName);
+        
+        BusFactory.setDefaultBus(bus);
+        BusFactory.setThreadDefaultBus(bus);
+        PingService svc = new PingService(getWsdlLocation());
+        final IPingService port = 
+            svc.getPort(
+                new QName(
+                    "http://WSSec/wssec10",
+                    "UserName_IPingService"
+                ),
+                IPingService.class
+            );
+        return port;
+    }
+    
+    private static URL getWsdlLocation() {
+        try {
+            return new URL("http://localhost:9003/" + "UserName" + "?wsdl");
+        } catch (MalformedURLException mue) {
+            return null;
+        }
+        
+    }
+
+    
+}
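Review bot: `getWsdlLocation` swallows `MalformedURLException` and returns null, so a typo in the constant URL would surface later as a NullPointerException inside `PingService`; since the URL is a literal, a malformed value is a programming error and should be rethrown, `throw new IllegalStateException(mue);`, rather than hidden. In `testClientServerUnauthorized` the `catch (Exception ex)` plus `assertEquals("Unauthorized", ex.getMessage())` means that a connection or policy failure reports only a mismatched message and loses the cause; passing `ex` into the assertion message or narrowing the caught type would keep the failure diagnosable. The class Javadoc at the top of the file is an empty block and could state what the test covers (role-based authorization of the custom UsernameToken interceptor, Alice allowed, Frank rejected).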

Propchange: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml?rev=936521&view=auto
==============================================================================
--- cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml
(added)
+++ cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml
Wed Apr 21 21:33:22 2010
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:http="http://cxf.apache.org/transports/http/configuration"
+       xmlns:jaxws="http://cxf.apache.org/jaxws"
+       xmlns:cxf="http://cxf.apache.org/core"
+       xmlns:p="http://cxf.apache.org/policy"
+       xmlns:sec="http://cxf.apache.org/configuration/security"
+       xsi:schemaLocation="
+          http://www.springframework.org/schema/beans           http://www.springframework.org/schema/beans/spring-beans.xsd
+          http://cxf.apache.org/jaxws                           http://cxf.apache.org/schemas/jaxws.xsd
+          http://cxf.apache.org/transports/http/configuration   http://cxf.apache.org/schemas/configuration/http-conf.xsd
+          http://cxf.apache.org/configuration/security          http://cxf.apache.org/schemas/configuration/security.xsd
+          http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+          http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd"
+>
+    <cxf:bus>
+        <cxf:features>
+            <p:policies/>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    
+    
+    <jaxws:client name="{http://WSSec/wssec10}UserName_IPingService" createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Frank"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+        </jaxws:properties>
+    </jaxws:client>
+
+</beans>

Propchange: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java?rev=936521&view=auto
==============================================================================
--- cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java
(added)
+++ cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java
Wed Apr 21 21:33:22 2010
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.ws.wssec10.server;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class AuthorizedServer extends AbstractBusTestServerBase {
+
+    private static String configFileName =
+        "org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml";
+    
+    public AuthorizedServer() throws Exception {
+        
+    }
+    
+    protected void run()  {
+        Bus busLocal = new SpringBusFactory().createBus(configFileName);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+    }
+
+    public static void main(String args[]) throws Exception {
+        new AuthorizedServer();
+        new SpringBusFactory().createBus(configFileName);
+        System.out.println("Server ready...");
+
+        Thread.sleep(60 * 60 * 1000);
+        System.out.println("Server exiting");
+        System.exit(0);
+    }
+}
+
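Review bot: `configFileName` is a mutable `private static String` that is never reassigned; it should be `private static final String CONFIG_FILE_NAME`, and `run()` should carry `@Override` so a signature drift in the base class is caught at compile time. In `main`, `new AuthorizedServer();` is a discarded no-op (the constructor is empty and the instance is never started), `String args[]` should be `String[] args`, and the endpoints come up as a side effect of the second `createBus` call, which deserves a one-line comment (`// Spring wiring of the config publishes the endpoints`) so the apparently unused call is not removed.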

Propchange: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java?rev=936521&view=auto
==============================================================================
--- cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
(added)
+++ cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
Wed Apr 21 21:33:22 2010
@@ -0,0 +1,67 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.ws.wssec10.server;
+
+import javax.security.auth.Subject;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.security.SimpleGroup;
+import org.apache.cxf.common.security.SimplePrincipal;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor;
+
+public class CustomUsernameTokenInterceptor extends UsernameTokenInterceptor {
+    
+    protected Subject createSubject(String name, 
+                                    String password, 
+                                    boolean isDigest,
+                                    String nonce,
+                                    String created) throws SecurityException {
+        Subject subject = new Subject();
+        
+        // delegate to the external security system if possible
+        
+        // authenticate the user somehow
+        subject.getPrincipals().add(new SimplePrincipal(name));
+        
+        // add roles this user is in
+        String roleName = "Alice".equals(name) ? "developers" : "pms";
+        
+        subject.getPrincipals().add(new SimpleGroup(roleName, name));
+        subject.setReadOnly();
+        return subject;
+    }
+    
+    public void handleMessage(SoapMessage message) throws Fault {
+        message.put(SecurityConstants.VALIDATE_PASSWORD, Boolean.FALSE);
+        super.handleMessage(message);
+    }
+    
+    //  or, if needed
+    
+    // protected WSUsernameTokenPrincipal getPrincipal(Element tokenElement, SoapMessage
message)
+    //    throws WSSecurityException {
+    //    return super.parseTokenAndCreatePrincipal(tokenElement);
+    //}
+    
+    
+}
+
+
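Review bot: `createSubject` ignores `password`, `isDigest`, `nonce` and `created`, and `handleMessage` sets `VALIDATE_PASSWORD` to `Boolean.FALSE` before delegating, so this sample authenticates nobody: any username with any password is mapped to a role, and the comment `// authenticate the user somehow` reads like a TODO rather than a statement of that fact. That is acceptable for a systest fixture, but because this class is the only in-tree example of the new hook, replace the comment with `// systest only: credentials are deliberately not verified here; a real override must check the password/digest (and nonce/created) and throw SecurityException on failure`. Both `createSubject` and `handleMessage` should carry `@Override`, and the commented-out `getPrincipal` alternative would be clearer as a sentence in a class Javadoc than as dead code.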

Propchange: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml?rev=936521&view=auto
==============================================================================
--- cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml
(added)
+++ cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml
Wed Apr 21 21:33:22 2010
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xmlns:http="http://cxf.apache.org/transports/http/configuration"
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+    xmlns:sec="http://cxf.apache.org/configuration/security"
+    xmlns:security="http://schemas.iona.com/soa/security-config"
+    xmlns:interop="http://WSSec/wssec10"
+    xmlns:cxf="http://cxf.apache.org/core"
+    xmlns:p="http://cxf.apache.org/policy"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans                     http://www.springframework.org/schema/beans/spring-beans.xsd
+        http://cxf.apache.org/jaxws                                     http://cxf.apache.org/schemas/jaxws.xsd
+        http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+        http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+        http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd
+        http://cxf.apache.org/transports/http-jetty/configuration       http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+        http://cxf.apache.org/configuration/security                    http://cxf.apache.org/schemas/configuration/security.xsd
+        http://schemas.iona.com/soa/security-config                     http://schemas.iona.com/soa/security-config.xsd
+    ">
+    
+    <cxf:bus>
+        <cxf:features>
+            <p:policies/>
+            <cxf:logging/>
+        </cxf:features>
+        
+        <cxf:properties>
+            <entry key="org.apache.cxf.ws.security.usernametoken.interceptor" 
+                   value-ref="customUTInterceptor"/>
+        </cxf:properties>
+    </cxf:bus>
+
+    <bean id="customUTInterceptor" class="org.apache.cxf.systest.ws.wssec10.server.CustomUsernameTokenInterceptor"/>
+
+    <!-- -->
+    <!-- Any services listening on port 9001 must use the following -->
+    <!-- Transport Layer Security (TLS) settings -->
+    <!-- -->
+    <httpj:engine-factory id="tls-settings">
+        <httpj:engine port="9001">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/wssec10/certs/restricted/bob.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/wssec10/certs/restricted/alice.jks"/>
+                </sec:trustManagers> 
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+    
+    <bean id="authorizationInterceptor" class="org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor">
+        <property name="methodRolesMap">
+            <map>
+               <entry key="echo" value="developers"/>
+            </map>
+        </property>
+    </bean>
+    
+    <jaxws:endpoint 
+       id="UserName"
+       address="http://localhost:9003/UserName" 
+       serviceName="interop:PingService"
+       endpointName="interop:UserName_IPingService"
+       implementor="org.apache.cxf.systest.ws.wssec10.server.UserNameOverTransportRestricted"
+       depends-on="tls-settings">
+        
+       <jaxws:inInterceptors>
+            <ref bean="authorizationInterceptor"/>
+       </jaxws:inInterceptors>
+     
+    </jaxws:endpoint> 
+    
+</beans>
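Review bot: The `UserName` endpoint is addressed at `http://localhost:9003/UserName` but declares `depends-on="tls-settings"`, whose `httpj:engine` is configured for port 9001, so the TLS server parameters in this file never apply to this endpoint and the UsernameToken is sent over plain HTTP on 9003. If that is intentional for the systest (the policy assertions are evaluated at the SOAP layer), drop the `depends-on` or add a comment such as `<!-- tls-settings is not used by this endpoint; plain http on 9003 is sufficient for the systest -->`; if not, the address should move to https on 9001. The existing comment `Any services listening on port 9001 must use the following` already hints at the mismatch.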

Propchange: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml


