Subject: svn commit: r1022290 - in /cxf/sandbox/veithen/cxf-spring-security: cxf-spring-security/ cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ cxf-systests-spring-security/ cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/s...
Date: Wed, 13 Oct 2010 20:56:11 -0000
To: commits@cxf.apache.org
From: veithen@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20101013205611.972152388A02@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: veithen Date: Wed Oct 13 20:56:10 2010 New Revision: 1022290 URL: http://svn.apache.org/viewvc?rev=1022290&view=rev Log: Sandbox: some initial (partial) support for password digest authentication with WS-Security. Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ServerPasswordCallbackHandlerParser.java (with props) cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/META-INF/wsdl/calculator-digest.wsdl Modified: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/pom.xml cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/NamespaceHandler.java cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ServerPasswordCallbackHandler.java cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/pom.xml cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/WssJaxwsTest.java cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_wss_jaxws/WEB-INF/beans.xml cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_wss_jaxws/clients.xml Modified: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/pom.xml URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/pom.xml?rev=1022290&r1=1022289&r2=1022290&view=diff ============================================================================== --- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/pom.xml (original) +++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/pom.xml Wed Oct 13 20:56:10 2010 
@@ -57,5 +57,11 @@ spring-security-core 2.0.4 + + + org.springframework + spring-tx + ${spring.version} + \ No newline at end of file Modified: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/NamespaceHandler.java URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/NamespaceHandler.java?rev=1022290&r1=1022289&r2=1022290&view=diff ============================================================================== --- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/NamespaceHandler.java (original) +++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/NamespaceHandler.java Wed Oct 13 20:56:10 2010 
@@ -26,7 +26,7 @@ public class NamespaceHandler extends Na registerBeanDefinitionParser("basic-auth-interceptor", new AuthenticationManagerAwareBeanDefinitionParser(BasicAuthInterceptor.class)); registerBeanDefinitionParser("server-password-callback-handler", - new AuthenticationManagerAwareBeanDefinitionParser(ServerPasswordCallbackHandler.class)); + new ServerPasswordCallbackHandlerParser()); registerBeanDefinitionParser("spring-security-context-feature", new SimpleBeanDefinitionParser(SpringSecurityContextFeature.class)); registerBeanDefinitionParser("generic-username-password-interceptor", Modified: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ServerPasswordCallbackHandler.java URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ServerPasswordCallbackHandler.java?rev=1022290&r1=1022289&r2=1022290&view=diff ============================================================================== --- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ServerPasswordCallbackHandler.java (original) +++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ServerPasswordCallbackHandler.java Wed Oct 13 20:56:10 2010 @@ -36,6 +36,8 @@ import org.springframework.security.Auth import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationManager; import org.springframework.security.providers.UsernamePasswordAuthenticationToken; +import org.springframework.security.userdetails.UserDetails; +import org.springframework.security.userdetails.UserDetailsService; public class ServerPasswordCallbackHandler implements CallbackHandler, InitializingBean { private static final Logger LOG = LogUtils.getL7dLogger( 
@@ -44,6 +46,7 @@ public class ServerPasswordCallbackHandl private AuthenticationManager authenticationManager; private boolean nestExceptions; private boolean logExceptions; + private UserDetailsService userDetailsService; public void setAuthenticationManager(AuthenticationManager authenticationManager) { this.authenticationManager = authenticationManager; 
@@ -56,30 +59,51 @@ public class ServerPasswordCallbackHandl public void setLogExceptions(boolean logExceptions) { this.logExceptions = logExceptions; } + + public void setUserDetailsService(UserDetailsService userDetailsService) { + this.userDetailsService = userDetailsService; + } public void afterPropertiesSet() throws Exception { if (authenticationManager == null) { throw new IllegalStateException("No authentication manager has been configured"); } + if (userDetailsService == null) { + LOG.fine("UserDetailsService not set; digest authentication will not be available"); + } } public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { for (Callback callback : callbacks) { if (callback instanceof WSPasswordCallback) { WSPasswordCallback pwCallback = (WSPasswordCallback)callback; - // TODO: need to check getUsage - Authentication authentication = new UsernamePasswordAuthenticationToken( - pwCallback.getIdentifier(), pwCallback.getPassword()); - try { - authentication = authenticationManager.authenticate(authentication); - } catch (AuthenticationException ex) { - throw translateException(ex); - } - Message message = PhaseInterceptorChain.getCurrentMessage(); - if (message == null) { - LOG.fine("No current message; can't add the Authentication object to the Exchange."); - } else { - message.getExchange().put(Authentication.class, authentication); + int usage = pwCallback.getUsage(); + if (usage == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) { + // Plaintext authentication + Authentication authentication = new UsernamePasswordAuthenticationToken( + pwCallback.getIdentifier(), pwCallback.getPassword()); + try { + authentication = authenticationManager.authenticate(authentication); + } catch (AuthenticationException ex) { + throw translateException(ex); + } + Message message = PhaseInterceptorChain.getCurrentMessage(); + if (message == null) { + LOG.fine("No current message; can't add the Authentication object to the Exchange."); + } else 
{ + message.getExchange().put(Authentication.class, authentication); + } + } else if (usage == WSPasswordCallback.USERNAME_TOKEN) { + // Password digest + if (userDetailsService == null) { + throw new UnsupportedCallbackException(callback, "Digest authentication not supported because userDetailsService has not been set"); + } + UserDetails userDetails; + // TODO: intercept UsernameNotFoundException! (and add unit test for it) + // TODO: probably we should use a UserCache to cache the result + userDetails = userDetailsService.loadUserByUsername(pwCallback.getIdentifier()); + pwCallback.setPassword(userDetails.getPassword()); + // TODO: the issue here is that since authentication is done inside CXF/WSS4J, we can't add an Authentication object here! } } else { throw new UnsupportedCallbackException(callback); Added: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ServerPasswordCallbackHandlerParser.java URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ServerPasswordCallbackHandlerParser.java?rev=1022290&view=auto ============================================================================== --- cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ServerPasswordCallbackHandlerParser.java (added) +++ cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ServerPasswordCallbackHandlerParser.java Wed Oct 13 20:56:10 2010 
@@ -0,0 +1,37 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.security.spring; + +import org.springframework.beans.factory.support.BeanDefinitionBuilder; +import org.springframework.beans.factory.xml.ParserContext; +import org.springframework.security.config.BeanIds; +import org.w3c.dom.Element; + +public class ServerPasswordCallbackHandlerParser extends AuthenticationManagerAwareBeanDefinitionParser { + public ServerPasswordCallbackHandlerParser() { + super(ServerPasswordCallbackHandler.class); + } + + @Override + protected void doParse(Element element, ParserContext ctx, BeanDefinitionBuilder bean) { + super.doParse(element, ctx, bean); + bean.addPropertyReference("userDetailsService", BeanIds.USER_DETAILS_SERVICE); + } +} Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-spring-security/src/main/java/org/apache/cxf/security/spring/ServerPasswordCallbackHandlerParser.java ------------------------------------------------------------------------------ svn:eol-style = native Modified: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/pom.xml URL: 
http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/pom.xml?rev=1022290&r1=1022289&r2=1022290&view=diff ============================================================================== --- cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/pom.xml (original) +++ cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/pom.xml Wed Oct 13 20:56:10 2010 @@ -21,7 +21,7 @@ com.google.code.cxf-spring-security cxf-systests-spring-security jar - 2.3.0-SNAPSHOT + SNAPSHOT Apache CXF Spring Security integration :: Systests http://code.google.com/p/cxf-spring-security/ @@ -101,13 +101,6 @@ test - - - org.springframework - spring-tx - ${spring.version} - test - org.aspectj @@ -178,7 +171,7 @@ org.apache.cxf cxf-codegen-plugin - ${project.version} + ${cxf.version} generate-sources Modified: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/WssJaxwsTest.java URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/WssJaxwsTest.java?rev=1022290&r1=1022289&r2=1022290&view=diff ============================================================================== --- cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/WssJaxwsTest.java (original) +++ cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/WssJaxwsTest.java Wed Oct 13 20:56:10 2010 
@@ -75,4 +75,16 @@ public class WssJaxwsTest extends Abstra Calculator service = getClientProxy("username-wrong-password", "/username"); service.add(2, 3); } + + @Test + public void testDigest() { + Calculator service = getClientProxy("digest", "/digest"); + assertEquals(5, service.add(2, 3)); + } + + @Test(expected=SOAPFaultException.class) + public void testDigestWrongPassword() { + Calculator service = getClientProxy("digest-wrong-password", "/digest"); + service.add(2, 3); + } } Added: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/META-INF/wsdl/calculator-digest.wsdl URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/META-INF/wsdl/calculator-digest.wsdl?rev=1022290&view=auto ============================================================================== --- cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/META-INF/wsdl/calculator-digest.wsdl (added) +++ cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/META-INF/wsdl/calculator-digest.wsdl Wed Oct 13 20:56:10 2010 @@ -0,0 +1,48 @@ + + + + + + + + + + + + + + + + + + + + + + + + + Modified: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_wss_jaxws/WEB-INF/beans.xml URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_wss_jaxws/WEB-INF/beans.xml?rev=1022290&r1=1022289&r2=1022290&view=diff ============================================================================== --- cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_wss_jaxws/WEB-INF/beans.xml (original) +++ cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_wss_jaxws/WEB-INF/beans.xml Wed Oct 13 20:56:10 2010 
@@ -52,4 +52,16 @@ + + + + + + + + Modified: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_wss_jaxws/clients.xml URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_wss_jaxws/clients.xml?rev=1022290&r1=1022289&r2=1022290&view=diff ============================================================================== --- cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_wss_jaxws/clients.xml (original) +++ cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_wss_jaxws/clients.xml Wed Oct 13 20:56:10 2010 @@ -50,4 +50,26 @@ + + + + + + + + + + + + + +
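
Review bot: In ServerPasswordCallbackHandler.handle(), the USERNAME_TOKEN (digest) branch uses only userDetails.getPassword() and never consults isEnabled(), isAccountNonLocked(), isAccountNonExpired() or isCredentialsNonExpired(), so an account that authenticationManager.authenticate() can reject in the plaintext branch may still pass digest validation. Check those flags before pwCallback.setPassword(...) and fail the same way the plaintext branch does through translateException(). The same branch lets UsernameNotFoundException from loadUserByUsername() escape untranslated, which the TODO already flags; catching it and raising the same error as for a bad password keeps unknown-user and wrong-password responses indistinguishable to the caller. The if / else if on usage also has no final else, so a WSPasswordCallback with any other usage value is silently ignored; throw UnsupportedCallbackException(callback) there.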
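
Review bot: In ServerPasswordCallbackHandlerParser.doParse(), bean.addPropertyReference("userDetailsService", BeanIds.USER_DETAILS_SERVICE) is added unconditionally, which makes the reference mandatory, while ServerPasswordCallbackHandler.afterPropertiesSet() treats a null userDetailsService as a supported configuration that only logs at FINE. If no bean resolves under that id, the context fails to start and the null path in the handler is never reached through the namespace. Either make the reference optional (for example driven by an attribute on the element) or document that server-password-callback-handler requires a user service to be declared. The new class also has no Javadoc saying why it replaces AuthenticationManagerAwareBeanDefinitionParser for this element.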
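
Review bot: In WssJaxwsTest, the new testDigest and testDigestWrongPassword cover a correct and a wrong password but not an unknown username, which is the case the TODO in ServerPasswordCallbackHandler asks a unit test for. Add a digest test that uses a user the UserDetailsService does not know and expects SOAPFaultException, and consider asserting on the fault content so that testDigestWrongPassword cannot pass because of an unrelated failure on the /digest endpoint.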