Return-Path: Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: (qmail 13443 invoked from network); 7 Nov 2010 15:09:19 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 7 Nov 2010 15:09:19 -0000 Received: (qmail 98204 invoked by uid 500); 7 Nov 2010 15:09:50 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 98091 invoked by uid 500); 7 Nov 2010 15:09:48 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 98083 invoked by uid 99); 7 Nov 2010 15:09:48 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 07 Nov 2010 15:09:48 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 07 Nov 2010 15:09:47 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 19B672388A3D; Sun, 7 Nov 2010 15:08:34 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1032296 - in /cxf/trunk: rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java Date: Sun, 07 Nov 2010 15:08:34 -0000 To: commits@cxf.apache.org 
From: sergeyb@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20101107150834.19B672388A3D@eris.apache.org> Author: sergeyb Date: Sun Nov 7 15:08:33 2010 New Revision: 1032296 URL: http://svn.apache.org/viewvc?rev=1032296&view=rev Log: [CXF-3063] : selecting Subject principal by default Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java?rev=1032296&r1=1032295&r2=1032296&view=diff ============================================================================== --- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java (original) +++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java Sun Nov 7 15:08:33 2010 @@ -19,6 +19,7 @@ package org.apache.cxf.interceptor.security; import java.security.Principal; +import java.security.acl.Group; import java.util.logging.Logger; import javax.security.auth.Subject; 
@@ -62,10 +63,20 @@ public abstract class AbstractSecurityCo reportSecurityException("Failed Authentication : Invalid Subject"); } - SecurityContext sc = createSecurityContext(context.getUserPrincipal(), subject); + Principal principal = getPrincipal(context.getUserPrincipal(), subject); + SecurityContext sc = createSecurityContext(principal, subject); message.put(SecurityContext.class, sc); } + protected Principal getPrincipal(Principal originalPrincipal, Subject subject) { + Principal[] ps = subject.getPrincipals().toArray(new Principal[]{}); + if (ps != null && ps.length > 0 && !(ps[0] instanceof Group)) { + return ps[0]; + } else { + return originalPrincipal; + } + } + protected SecurityContext createSecurityContext(Principal p, Subject subject) { return new DefaultSecurityContext(p, subject); } Modified: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java?rev=1032296&r1=1032295&r2=1032296&view=diff ============================================================================== --- cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java (original) +++ cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java Sun Nov 7 15:08:33 2010 
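Review bot: `getPrincipal` decides the caller identity from `ps[0]`, but `Subject.getPrincipals()` is a `Set` whose contract promises no ordering, so the principal placed in the `SecurityContext` depends on the order in which the login module happened to add them. Only element zero is tested against `Group`: a Subject whose first entry is a role principal that does not implement `Group` would have that role returned as the user principal, and a Subject whose first entry is a `Group` falls back to `originalPrincipal` even when a user principal sits later in the set. The `ps != null` test is dead, since `toArray` never returns null. I would iterate the set and pick the non-Group principal whose name matches the authenticated one, as below; this assumes the Subject principal carries the same name as `context.getUserPrincipal()`, which the hunk does not show. `getPrincipal` is complete within the hunk, while the method that calls it starts above the hunk.

```java
protected Principal getPrincipal(Principal originalPrincipal, Subject subject) {
    // Set order is unspecified: select by type and name, never by position.
    for (Principal p : subject.getPrincipals()) {
        if (p instanceof Group) {
            continue;
        }
        if (originalPrincipal == null
            || originalPrincipal.getName().equals(p.getName())) {
            return p;
        }
    }
    return originalPrincipal;
}
```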
@@ -18,12 +18,15 @@ */ package org.apache.cxf.systest.ws.wssec10.server; +import java.security.Principal; + import javax.security.auth.Subject; import org.apache.cxf.common.security.SimpleGroup; import org.apache.cxf.common.security.SimplePrincipal; import org.apache.cxf.common.security.UsernameToken; import org.apache.cxf.interceptor.security.AbstractUsernameTokenInInterceptor; +import org.apache.cxf.security.SecurityContext; public class SimpleUsernameTokenInterceptor extends AbstractUsernameTokenInInterceptor { @@ -32,6 +35,13 @@ public class SimpleUsernameTokenIntercep ut.getNonce(), ut.getCreatedTime()); } + protected SecurityContext createSecurityContext(Principal p, Subject subject) { + if (p == null || p != subject.getPrincipals().toArray()[0]) { + throw new SecurityException(); + } + return super.createSecurityContext(p, subject); + } + protected Subject createSubject(String name, String password, boolean isDigest,
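Review bot: The overridden `createSecurityContext` indexes `subject.getPrincipals().toArray()[0]` without checking that the set is non-empty, so an empty Subject surfaces as an `ArrayIndexOutOfBoundsException` rather than the intended `SecurityException`. The reference comparison `p != ...toArray()[0]` also pins the test to the set's iteration order, which is the same positional assumption the production `getPrincipal` makes. A check such as `if (p == null || !subject.getPrincipals().contains(p)) {` asserts that the principal came from the Subject without depending on position, and `throw new SecurityException("Principal was not taken from the Subject");` would make a failure readable. The method also lacks `@Override`, and `createSubject` continues past the end of the hunk.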