cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1050005 - in /cxf/trunk: rt/core/src/main/java/org/apache/cxf/interceptor/security/ rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/ systests/jaxrs/ systests/jaxrs/sr...
Date Thu, 16 Dec 2010 15:27:46 GMT
Author: sergeyb
Date: Thu Dec 16 15:27:45 2010
New Revision: 1050005

URL: http://svn.apache.org/viewvc?rev=1050005&view=rev
Log:
[CXF-3195] Introducing JAAS Interceptor and filter

Added:
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AuthenticationException.java   (with props)
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java   (with props)
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/Messages.properties   (with props)
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/NamePasswordCallbackHandler.java   (with props)
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java   (with props)
    cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java   (with props)
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginModule.java   (with props)
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookServerJaasSecurity.java   (with props)
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java   (with props)
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASFilter.java   (with props)
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASLoginInterceptor.java   (with props)
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaas.cfg
    cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/
    cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/
    cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml   (with props)
    cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/web.xml   (with props)
Modified:
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AccessDeniedException.java
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
    cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseBuilderImpl.java
    cxf/trunk/systests/jaxrs/pom.xml
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/AbstractSpringSecurityTest.java
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSimpleSecurityTest.java
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/SecurityOutFaultInterceptor.java

Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AccessDeniedException.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AccessDeniedException.java?rev=1050005&r1=1050004&r2=1050005&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AccessDeniedException.java (original)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AccessDeniedException.java Thu Dec 16 15:27:45 2010
@@ -18,7 +18,7 @@
  */
 package org.apache.cxf.interceptor.security;
 
-public class AccessDeniedException extends RuntimeException {
+public class AccessDeniedException extends SecurityException {
     public AccessDeniedException(String reason) {
         super(reason);
     }

Added: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AuthenticationException.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AuthenticationException.java?rev=1050005&view=auto
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AuthenticationException.java (added)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AuthenticationException.java Thu Dec 16 15:27:45 2010
@@ -0,0 +1,25 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.interceptor.security;
+
+public class AuthenticationException extends SecurityException {
+    public AuthenticationException(String reason) {
+        super(reason);
+    }
+}

Propchange: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AuthenticationException.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AuthenticationException.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java?rev=1050005&r1=1050004&r2=1050005&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java (original)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java Thu Dec 16 15:27:45 2010
@@ -31,28 +31,44 @@ import org.apache.cxf.security.SecurityC
  * following approach : skip the first Subject principal, and then checks
  * Groups the principal is a member of
  * 
- * TODO : consider moving this class into common/security
+ * TODO : consider moving this class into a rt-core-security module
  */
 public class DefaultSecurityContext implements SecurityContext {
 
     private Principal p;
     private Subject subject; 
     
+    public DefaultSecurityContext(Subject subject) {
+        this.p = findPrincipal(subject);
+        this.subject = subject;
+    }
+    
     public DefaultSecurityContext(Principal p, Subject subject) {
         this.p = p;
         this.subject = subject;
     }
     
+    private static Principal findPrincipal(Subject subject) {
+        if (subject != null) {
+            for (Principal principal : subject.getPrincipals()) {
+                if (!(principal instanceof Group)) { 
+                    return principal;
+                }
+            }
+        }
+        return null;
+    }
+    
     public Principal getUserPrincipal() {
         return p;
     }
+    
     public boolean isUserInRole(String role) {
-        if (subject == null || subject.getPrincipals().size() <= 1) {
-            return false;
-        }
-        for (Principal principal : subject.getPrincipals()) {
-            if (principal instanceof Group && checkGroup((Group)principal, role)) { 
-                return true;
+        if (subject != null) {
+            for (Principal principal : subject.getPrincipals()) {
+                if (principal instanceof Group && checkGroup((Group)principal, role)) { 
+                    return true;
+                }
             }
         }
         return false;

Added: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java?rev=1050005&view=auto
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java (added)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java Thu Dec 16 15:27:45 2010
@@ -0,0 +1,126 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.interceptor.security;
+
+import java.util.ResourceBundle;
+import java.util.logging.Logger;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.apache.cxf.common.i18n.BundleUtils;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.security.SecurityToken;
+import org.apache.cxf.common.security.TokenType;
+import org.apache.cxf.common.security.UsernameToken;
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.security.SecurityContext;
+
+public class JAASLoginInterceptor extends AbstractPhaseInterceptor<Message> {
+
+    private static final ResourceBundle BUNDLE = BundleUtils.getBundle(JAASLoginInterceptor.class);
+    private static final Logger LOG = LogUtils.getL7dLogger(JAASLoginInterceptor.class);
+    
+    private String contextName;
+    private String rolePrefix;
+    
+    public JAASLoginInterceptor() {
+        super(Phase.UNMARSHAL);
+    }
+    
+    public void setContextName(String name) {
+        contextName = name;
+    }
+    
+    public String getContextName() {
+        return contextName;
+    }
+    
+    public void setRolePrefix(String name) {
+        rolePrefix = name;
+    }
+    
+    public String getRolePrefix() {
+        return rolePrefix;
+    }
+    
+    @Override
+    public void handleMessage(Message message) throws Fault {
+
+        String name = null;
+        String password = null;
+        
+        AuthorizationPolicy policy = (AuthorizationPolicy)message.get(AuthorizationPolicy.class);
+        if (policy != null) {
+            name = policy.getUserName();
+            password = policy.getPassword();
+        } else {
+            // try the UsernameToken
+            SecurityToken token = message.get(SecurityToken.class);
+            if (token != null && token.getTokenType() == TokenType.UsernameToken) {
+                UsernameToken ut = (UsernameToken)token;
+                name = ut.getName();
+                password = ut.getPassword();
+            }
+        }
+        
+        if (name == null || password == null) {
+            org.apache.cxf.common.i18n.Message errorMsg = 
+                new org.apache.cxf.common.i18n.Message("NO_USER_PASSWORD", 
+                                                       BUNDLE, 
+                                                       name, password);
+            LOG.warning(errorMsg.toString());
+            throw new SecurityException(errorMsg.toString());
+        }
+        
+        try {
+            CallbackHandler handler = getCallbackHandler(name, password);  
+            LoginContext ctx = new LoginContext(getContextName(), handler);  
+            ctx.login();
+            
+            Subject subject = ctx.getSubject();
+            
+            message.put(SecurityContext.class, createSecurityContext(subject)); 
+        } catch (LoginException ex) {
+            String errorMessage = "Unauthorized : " + ex.getMessage();
+            LOG.fine(errorMessage.toString());
+            throw new AuthenticationException(errorMessage);
+        }
+    }
+
+    protected CallbackHandler getCallbackHandler(String name, String password) {
+        return new NamePasswordCallbackHandler(name, password);
+    }
+    
+    protected SecurityContext createSecurityContext(Subject subject) {
+        if (getRolePrefix() != null) {
+            return new RolePrefixSecurityContextImpl(subject, getRolePrefix());
+        } else {
+            return new DefaultSecurityContext(subject);
+        }
+    }
+    
+    
+}

Propchange: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/Messages.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/Messages.properties?rev=1050005&view=auto
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/Messages.properties (added)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/Messages.properties Thu Dec 16 15:27:45 2010
@@ -0,0 +1,22 @@
+#
+#
+#    Licensed to the Apache Software Foundation (ASF) under one
+#    or more contributor license agreements. See the NOTICE file
+#    distributed with this work for additional information
+#    regarding copyright ownership. The ASF licenses this file
+#    to you under the Apache License, Version 2.0 (the
+#    "License"); you may not use this file except in compliance
+#    with the License. You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing,
+#    software distributed under the License is distributed on an
+#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#    KIND, either express or implied. See the License for the
+#    specific language governing permissions and limitations
+#    under the License.
+#
+#
+UNSUPPORTED_CALLBACK_TYPE=Unsupported callback type {0}
+NO_USER_PASSWORD=No user name and/or password is available, name: {0}, password: {1} 

Propchange: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/Messages.properties
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/Messages.properties
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/Messages.properties
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/NamePasswordCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/NamePasswordCallbackHandler.java?rev=1050005&view=auto
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/NamePasswordCallbackHandler.java (added)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/NamePasswordCallbackHandler.java Thu Dec 16 15:27:45 2010
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.interceptor.security;
+
+import java.io.IOException;
+import java.util.ResourceBundle;
+import java.util.logging.Logger;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.cxf.common.i18n.BundleUtils;
+import org.apache.cxf.common.logging.LogUtils;
+
+public class NamePasswordCallbackHandler implements CallbackHandler {  
+    
+    private static final ResourceBundle BUNDLE = BundleUtils.getBundle(NamePasswordCallbackHandler.class);
+    private static final Logger LOG = LogUtils.getL7dLogger(NamePasswordCallbackHandler.class);
+    
+    private String username;  
+    private String password;  
+     
+    public NamePasswordCallbackHandler(String username, String password) {  
+        this.username = username;  
+        this.password = password;  
+    }  
+     
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {  
+        for (int i = 0; i < callbacks.length; i++) {  
+            Callback callback = callbacks[i];
+            if (handleCallback(callback)) {
+                continue;
+            } else if (callback instanceof NameCallback) {  
+                ((NameCallback) callback).setName(username);  
+            } else if (callback instanceof PasswordCallback) {  
+                PasswordCallback pwCallback = (PasswordCallback) callback;  
+                pwCallback.setPassword(password.toCharArray());  
+            } else {
+                org.apache.cxf.common.i18n.Message errorMsg = 
+                    new org.apache.cxf.common.i18n.Message("UNSUPPORTED_CALLBACK_TYPE", 
+                                                           BUNDLE, 
+                                                           callbacks[i].getClass().getName());
+                LOG.severe(errorMsg.toString());
+                throw new UnsupportedCallbackException(callbacks[i], errorMsg.toString());  
+            }  
+        }  
+    }      
+    
+    protected boolean handleCallback(Callback callback) {
+        return false;
+    }
+}

Propchange: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/NamePasswordCallbackHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/NamePasswordCallbackHandler.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java?rev=1050005&view=auto
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java (added)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java Thu Dec 16 15:27:45 2010
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.interceptor.security;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.apache.cxf.security.SecurityContext;
+
+public class RolePrefixSecurityContextImpl implements SecurityContext {
+    private Principal p;
+    private Set<String> roles; 
+    
+    public RolePrefixSecurityContextImpl(Subject subject, String rolePrefix) {
+        this.p = findPrincipal(subject, rolePrefix);
+        this.roles = findRoles(subject, rolePrefix);
+    }
+    
+    public Principal getUserPrincipal() {
+        return p;
+    }
+
+    public boolean isUserInRole(String role) {
+        return roles.contains(role);
+    }
+    
+    private static Principal findPrincipal(Subject subject, String rolePrefix) {
+        for (Principal p : subject.getPrincipals()) {
+            if (!p.getName().startsWith(rolePrefix)) {
+                return p;
+            }
+        }
+        return null;
+    }
+    
+    private static Set<String> findRoles(Subject subject, String rolePrefix) {
+        Set<String> set = new HashSet<String>();
+        for (Principal p : subject.getPrincipals()) {
+            if (p.getName().startsWith(rolePrefix)) {
+                set.add(p.getName());
+            }
+        }
+        return set;
+    }
+}
\ No newline at end of file

Propchange: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseBuilderImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseBuilderImpl.java?rev=1050005&r1=1050004&r2=1050005&view=diff
==============================================================================
--- cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseBuilderImpl.java (original)
+++ cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseBuilderImpl.java Thu Dec 16 15:27:45 2010
@@ -142,6 +142,8 @@ public final class ResponseBuilderImpl e
         if (HttpUtils.isDateRelatedHeader(name)) {
             Object theValue = value instanceof Date ? toHttpDate((Date)value) : value;  
             return setHeader(name, theValue);
+        } else if (HttpHeaders.LOCATION.equals(name)) {
+            return location(URI.create(value.toString()));
         } else {
             return addHeader(name, value);
         }

Added: cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java?rev=1050005&view=auto
==============================================================================
--- cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java (added)
+++ cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java Thu Dec 16 15:27:45 2010
@@ -0,0 +1,117 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.jaxrs.security;
+
+import java.util.Arrays;
+import java.util.List;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
+
+import org.apache.cxf.interceptor.security.AuthenticationException;
+import org.apache.cxf.interceptor.security.JAASLoginInterceptor;
+import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler;
+import org.apache.cxf.jaxrs.ext.RequestHandler;
+import org.apache.cxf.jaxrs.impl.HttpHeadersImpl;
+import org.apache.cxf.jaxrs.model.ClassResourceInfo;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
+
+
+public class JAASAuthenticationFilter implements RequestHandler {
+
+    private static final List<MediaType> HTML_MEDIA_TYPES = 
+        Arrays.asList(MediaType.APPLICATION_XHTML_XML_TYPE, MediaType.TEXT_HTML_TYPE);
+    
+    private String redirectURI;
+    private String realmName;
+    
+    private JAASLoginInterceptor interceptor = new JAASLoginInterceptor() {
+        protected CallbackHandler getCallbackHandler(String name, String password) {
+            return JAASAuthenticationFilter.this.getCallbackHandler(name, password);
+        }    
+    };
+    
+    public void setContextName(String name) {
+        interceptor.setContextName(name);
+    }
+    
+    public void setRolePrefix(String name) {
+        interceptor.setRolePrefix(name);
+    }
+    
+    public void setRedirectURI(String uri) {
+        this.redirectURI = uri;
+    }
+    
+    public void setRealmName(String name) {
+        this.realmName = name;
+    }
+    
+    protected CallbackHandler getCallbackHandler(String name, String password) {
+        return new NamePasswordCallbackHandler(name, password);
+    }
+    
+    public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
+        try {
+            interceptor.handleMessage(m);
+            return null;
+        } catch (AuthenticationException ex) {
+            return handleSecurityException(ex, new HttpHeadersImpl(m));
+        }
+    }
+
+    protected Response handleSecurityException(SecurityException ex, HttpHeaders headers) {
+        if (redirectURI != null && isRedirectPossible(headers)) {
+            return Response.status(getRedirectStatus()).
+                    header(HttpHeaders.LOCATION, redirectURI).build();
+        } else {
+            ResponseBuilder builder = Response.status(Response.Status.UNAUTHORIZED);
+            
+            List<String> authHeader = headers.getRequestHeader(HttpHeaders.AUTHORIZATION);
+            if (authHeader.size() > 0) {
+                StringBuilder sb = new StringBuilder();
+                // should HttpHeadersImpl do it ?
+                String[] authValues = authHeader.get(0).split(" ");
+                if (authValues.length > 0) {
+                    sb.append(authValues[0]);
+                    if (realmName != null) {
+                        sb.append(' ').append(realmName);
+                    }
+                    builder.header(HttpHeaders.WWW_AUTHENTICATE, sb.toString());
+                }
+            }
+            
+            return builder.build();
+        }
+    }
+    
+    protected Response.Status getRedirectStatus() {
+        return Response.Status.TEMPORARY_REDIRECT;
+    }
+    
+    protected boolean isRedirectPossible(HttpHeaders headers) {
+        List<MediaType> clientTypes = headers.getAcceptableMediaTypes();
+        return !JAXRSUtils.intersectMimeTypes(clientTypes, HTML_MEDIA_TYPES, false)
+                          .isEmpty();
+    }
+}

Propchange: cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/systests/jaxrs/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/pom.xml?rev=1050005&r1=1050004&r2=1050005&view=diff
==============================================================================
--- cxf/trunk/systests/jaxrs/pom.xml (original)
+++ cxf/trunk/systests/jaxrs/pom.xml Thu Dec 16 15:27:45 2010
@@ -87,6 +87,11 @@
        		<groupId>org.eclipse.jetty</groupId>
        		<artifactId>jetty-server</artifactId>
         </dependency>
+         <dependency>
+       		<groupId>org.eclipse.jetty</groupId>
+       		<artifactId>jetty-plus</artifactId>
+       		 <version>${cxf.jetty.version}</version>
+        </dependency>
           <dependency>
        		<groupId>org.eclipse.jetty</groupId>
        		<artifactId>jetty-webapp</artifactId>

Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/AbstractSpringSecurityTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/AbstractSpringSecurityTest.java?rev=1050005&r1=1050004&r2=1050005&view=diff
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/AbstractSpringSecurityTest.java (original)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/AbstractSpringSecurityTest.java Thu Dec 16 15:27:45 2010
@@ -39,7 +39,7 @@ public abstract class AbstractSpringSecu
         return bos.getOut().toString();        
     }
     
-    private String base64Encode(String value) {
+    protected String base64Encode(String value) {
         return Base64Utility.encode(value.getBytes());
     }
     

Added: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginModule.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginModule.java?rev=1050005&view=auto
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginModule.java (added)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginModule.java Thu Dec 16 15:27:45 2010
@@ -0,0 +1,67 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.eclipse.jetty.plus.jaas.spi.PropertyFileLoginModule;
+
+public class BookLoginModule implements LoginModule {
+
+    private PropertyFileLoginModule module;
+    private String fileResource;
+    
+    public BookLoginModule() {
+        module = new PropertyFileLoginModule();
+        fileResource = getClass()
+            .getResource("/org/apache/cxf/systest/jaxrs/security/jetty-realm.properties").getFile();
+    }
+    
+    public boolean abort() throws LoginException {
+        return module.abort();
+    }
+
+    public boolean commit() throws LoginException {
+        return module.commit();
+    }
+
+    public void initialize(Subject subject, CallbackHandler handler,
+                           Map<String, ? extends Object> sharedState, Map<String, ? extends Object> options) {
+        
+        Map<String, String> customOptions = new HashMap<String, String>();
+        customOptions.put("file", fileResource);
+        
+        module.initialize(subject, handler, sharedState, customOptions);
+    }
+
+    public boolean login() throws LoginException {
+        return module.login();
+    }
+
+    public boolean logout() throws LoginException {
+        return module.logout();
+    }
+
+}

Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginModule.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginModule.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookServerJaasSecurity.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookServerJaasSecurity.java?rev=1050005&view=auto
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookServerJaasSecurity.java (added)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookServerJaasSecurity.java Thu Dec 16 15:27:45 2010
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security;
+
+import org.apache.cxf.systest.jaxrs.AbstractSpringServer;
+
+
+
+public class BookServerJaasSecurity extends AbstractSpringServer {
+
+    public BookServerJaasSecurity() {
+        super("/jaxrs_jaas_security");
+    }
+    
+    public BookServerJaasSecurity(String[] args) {
+        super("/jaxrs_jaas_security");
+    }
+    
+    public static void main(String args[]) {
+        try {
+            BookServerJaasSecurity s = new BookServerJaasSecurity();
+            s.start();
+        } catch (Exception ex) {
+            ex.printStackTrace();
+            System.exit(-1);
+        } finally {
+            System.out.println("done!");
+        }
+    }
+
+}

Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookServerJaasSecurity.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookServerJaasSecurity.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java?rev=1050005&view=auto
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java (added)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java Thu Dec 16 15:27:45 2010
@@ -0,0 +1,100 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security;
+
+import java.util.Collections;
+
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.jaxrs.client.WebClient;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class JAXRSJaasSecurityTest extends AbstractSpringSecurityTest {
+    public static final String PORT = BookServerJaasSecurity.PORT;
+    
+    @BeforeClass
+    public static void startServers() throws Exception {
+        String jaasConfig = JAXRSJaasSecurityTest.class
+            .getResource("/org/apache/cxf/systest/jaxrs/security/jaas.cfg").getFile();
+        assertTrue("server did not launch correctly", 
+                   launchServer(BookServerJaasSecurity.class,
+                                Collections.singletonMap("java.security.auth.login.config", 
+                                                         jaasConfig),
+                                new String[]{}, 
+                                false));
+    }
+    
+    @Test
+    public void testJaasInterceptorAuthenticationFailure() throws Exception {
+        String endpointAddress =
+            "http://localhost:" + PORT + "/jaas/bookstorestorage/thosebooks/123"; 
+        getBook(endpointAddress, "foo", "bar1", 401);
+    }
+    
+    @Test
+    public void testGetBookUserAdminJaasInterceptor() throws Exception {
+        String endpointAddress =
+            "http://localhost:" + PORT + "/jaas/bookstorestorage/thosebooks/123"; 
+        getBook(endpointAddress, "foo", "bar", 403);
+        getBook(endpointAddress, "bob", "bobspassword", 200);
+    }
+    
+    @Test
+    public void testJaasFilterAuthenticationFailure() throws Exception {
+        String endpointAddress =
+            "http://localhost:" + PORT + "/jaas2/bookstorestorage/thosebooks/123"; 
+        WebClient wc = WebClient.create(endpointAddress);
+        wc.accept("text/xml");
+        wc.header(HttpHeaders.AUTHORIZATION, 
+                  "Basic " + base64Encode("foo" + ":" + "bar1"));
+        Response r = wc.get();
+        assertEquals(401, r.getStatus());
+        Object wwwAuthHeader = r.getMetadata().getFirst(HttpHeaders.WWW_AUTHENTICATE);
+        assertNotNull(wwwAuthHeader);
+        assertEquals("Basic", wwwAuthHeader.toString());
+    }
+    
+    @Test
+    public void testJaasFilterAuthenticationFailureWithRedirection() throws Exception {
+        String endpointAddress =
+            "http://localhost:" + PORT + "/jaas2/bookstorestorage/thosebooks/123"; 
+        WebClient wc = WebClient.create(endpointAddress);
+        wc.accept("text/xml,text/html");
+        wc.header(HttpHeaders.AUTHORIZATION, 
+                  "Basic " + base64Encode("foo" + ":" + "bar1"));
+        Response r = wc.get();
+        assertEquals(307, r.getStatus());
+        Object locationHeader = r.getMetadata().getFirst(HttpHeaders.LOCATION);
+        assertNotNull(locationHeader);
+        assertEquals("http://localhost:" + PORT + "/jaas2/login.jsp",
+                     locationHeader.toString());
+    }
+    
+    @Test
+    public void testGetBookUserAdminJaasFilter() throws Exception {
+        String endpointAddress =
+            "http://localhost:" + PORT + "/jaas2/bookstorestorage/thosebooks/123"; 
+        getBook(endpointAddress, "foo", "bar", 403);
+        getBook(endpointAddress, "bob", "bobspassword", 200);
+    }
+}

Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSimpleSecurityTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSimpleSecurityTest.java?rev=1050005&r1=1050004&r2=1050005&view=diff
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSimpleSecurityTest.java (original)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSimpleSecurityTest.java Thu Dec 16 15:27:45 2010
@@ -23,7 +23,7 @@ import org.junit.BeforeClass;
 import org.junit.Test;
 
 public class JAXRSSimpleSecurityTest extends AbstractSpringSecurityTest {
-    public static final String PORT = BookServerSecuritySpringClass.PORT;
+    public static final String PORT = BookServerSimpleSecurity.PORT;
     
     @BeforeClass
     public static void startServers() throws Exception {

Added: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASFilter.java?rev=1050005&view=auto
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASFilter.java (added)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASFilter.java Thu Dec 16 15:27:45 2010
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler;
+import org.apache.cxf.jaxrs.security.JAASAuthenticationFilter;
+import org.eclipse.jetty.plus.jaas.callback.ObjectCallback;
+
+public class JettyJAASFilter extends JAASAuthenticationFilter {
+    @Override
+    protected CallbackHandler getCallbackHandler(final String name, final String password) {
+        return new NamePasswordCallbackHandler(name, password) {
+            protected boolean handleCallback(Callback c) {
+                if (c instanceof ObjectCallback) {
+                    ((ObjectCallback)c).setObject(password);
+                    return true;
+                } else {
+                    return false;
+                }
+            }
+        };
+    }
+    
+}

Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASFilter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASFilter.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASLoginInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASLoginInterceptor.java?rev=1050005&view=auto
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASLoginInterceptor.java (added)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASLoginInterceptor.java Thu Dec 16 15:27:45 2010
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.cxf.interceptor.security.JAASLoginInterceptor;
+import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler;
+import org.eclipse.jetty.plus.jaas.callback.ObjectCallback;
+
+public class JettyJAASLoginInterceptor extends JAASLoginInterceptor {
+
+    @Override
+    protected CallbackHandler getCallbackHandler(final String name, final String password) {
+        return new NamePasswordCallbackHandler(name, password) {
+            protected boolean handleCallback(Callback c) {
+                if (c instanceof ObjectCallback) {
+                    ((ObjectCallback)c).setObject(password);
+                    return true;
+                } else {
+                    return false;
+                }
+            }
+        };
+    }
+}

Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASLoginInterceptor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASLoginInterceptor.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/SecurityOutFaultInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/SecurityOutFaultInterceptor.java?rev=1050005&r1=1050004&r2=1050005&view=diff
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/SecurityOutFaultInterceptor.java (original)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/SecurityOutFaultInterceptor.java Thu Dec 16 15:27:45 2010
@@ -18,6 +18,8 @@
  */
 package org.apache.cxf.systest.jaxrs.security;
 
+import java.io.IOException;
+
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.cxf.interceptor.Fault;
@@ -35,14 +37,22 @@ public class SecurityOutFaultInterceptor
     }
 
     public void handleMessage(Message message) throws Fault {
-        Exception ex = message.getContent(Exception.class);
-        if (!(((Fault)ex).getCause() instanceof AccessDeniedException)) {
-            throw new RuntimeException("Security Exception is expected is expected");
+        Fault fault = (Fault)message.getContent(Exception.class);
+        Throwable ex = fault.getCause();
+        if (!(ex instanceof SecurityException)) {
+            throw new RuntimeException("Security Exception is expected");
         }
         
         HttpServletResponse response = (HttpServletResponse)message.getExchange().getInMessage()
             .get(AbstractHTTPDestination.HTTP_RESPONSE);
-        response.setStatus(403);
+        int status = ex instanceof AccessDeniedException ? 403 : 401; 
+        response.setStatus(status);
+        try {
+            response.getOutputStream().write(ex.getMessage().getBytes());
+            response.getOutputStream().flush();
+        } catch (IOException iex) {
+            // ignore
+        }
         
         message.getInterceptorChain().abort();
     }

Added: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaas.cfg
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaas.cfg?rev=1050005&view=auto
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaas.cfg (added)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaas.cfg Thu Dec 16 15:27:45 2010
@@ -0,0 +1,4 @@
+BookLogin {
+  org.apache.cxf.systest.jaxrs.security.BookLoginModule required;
+};
+

Added: cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml?rev=1050005&view=auto
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml (added)
+++ cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml Thu Dec 16 15:27:45 2010
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+  xmlns:util="http://www.springframework.org/schema/util"
+  xsi:schemaLocation="
+http://www.springframework.org/schema/beans 
+http://www.springframework.org/schema/beans/spring-beans.xsd
+http://www.springframework.org/schema/util 
+http://www.springframework.org/schema/util/spring-util-2.0.xsd
+http://cxf.apache.org/jaxrs
+http://cxf.apache.org/schemas/jaxrs.xsd">
+
+  <import resource="classpath:META-INF/cxf/cxf.xml" />
+  <import resource="classpath:META-INF/cxf/cxf-extension-jaxrs-binding.xml" />
+  <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
+
+  <jaxrs:server address="/jaas">
+    <jaxrs:serviceBeans>
+       <bean class="org.apache.cxf.systest.jaxrs.security.SecureBookStoreNoAnnotations"/>
+    </jaxrs:serviceBeans>		   
+    <jaxrs:inInterceptors>
+        <ref bean="authenticationInterceptor"/>
+        <ref bean="authorizationInterceptor"/>
+    </jaxrs:inInterceptors>
+    
+    <jaxrs:outFaultInterceptors>
+        <bean class="org.apache.cxf.systest.jaxrs.security.SecurityOutFaultInterceptor"/>
+    </jaxrs:outFaultInterceptors>
+    
+  </jaxrs:server>
+  
+  <jaxrs:server address="/jaas2">
+    <jaxrs:serviceBeans>
+       <bean class="org.apache.cxf.systest.jaxrs.security.SecureBookStoreNoAnnotations"/>
+    </jaxrs:serviceBeans>		   
+    <jaxrs:providers>
+        <ref bean="authenticationFilter"/>
+        <ref bean="authorizationFilter"/>
+    </jaxrs:providers>
+  </jaxrs:server>
+  
+  <bean id="authenticationInterceptor" class="org.apache.cxf.systest.jaxrs.security.JettyJAASLoginInterceptor">
+        <property name="contextName" value="BookLogin"/>
+        <property name="rolePrefix" value="ROLE_"/>
+  </bean>
+  
+  <bean id="authorizationInterceptor" class="org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor">
+        <property name="methodRolesMap" ref="rolesMap"/>
+  </bean>
+  
+  <bean id="authenticationFilter" class="org.apache.cxf.systest.jaxrs.security.JettyJAASFilter">
+        <property name="contextName" value="BookLogin"/>
+        <property name="rolePrefix" value="ROLE_"/>
+        
+        <property name="redirectURI" value="/login.jsp"/>
+  </bean>
+  
+  <bean id="authorizationFilter" class="org.apache.cxf.jaxrs.security.SimpleAuthorizingFilter">
+        <property name="methodRolesMap" ref="rolesMap"/>
+  </bean>
+  
+  <util:map id="rolesMap">
+     <entry key="getThatBook" value="ROLE_BOOK_OWNER"/>
+     <entry key="getBook" value="ROLE_BOOK_OWNER"/>
+  </util:map>
+  
+</beans>
+<!-- END SNIPPET: beans -->
+

Propchange: cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/web.xml?rev=1050005&view=auto
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/web.xml (added)
+++ cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/web.xml Thu Dec 16 15:27:45 2010
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE web-app
+    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+    "http://java.sun.com/dtd/web-app_2_3.dtd">
+<!--
+	Licensed to the Apache Software Foundation (ASF) under one
+	or more contributor license agreements. See the NOTICE file
+	distributed with this work for additional information
+	regarding copyright ownership. The ASF licenses this file
+	to you under the Apache License, Version 2.0 (the
+	"License"); you may not use this file except in compliance
+	with the License. You may obtain a copy of the License at
+	
+	http://www.apache.org/licenses/LICENSE-2.0
+	
+	Unless required by applicable law or agreed to in writing,
+	software distributed under the License is distributed on an
+	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+	KIND, either express or implied. See the License for the
+	specific language governing permissions and limitations
+	under the License.
+-->
+<!-- START SNIPPET: webxml -->
+<web-app>
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>WEB-INF/beans.xml</param-value>
+	</context-param>
+
+	<listener>
+		<listener-class>
+			org.springframework.web.context.ContextLoaderListener
+		</listener-class>
+	</listener>
+
+  	<servlet>
+		<servlet-name>CXFServlet</servlet-name>
+		<display-name>CXF Servlet</display-name>
+		<servlet-class>
+			org.apache.cxf.transport.servlet.CXFServlet
+		</servlet-class>
+		<load-on-startup>1</load-on-startup>
+	</servlet>
+
+	<servlet-mapping>
+		<servlet-name>CXFServlet</servlet-name>
+		<url-pattern>/*</url-pattern>
+	</servlet-mapping>
+</web-app>
+<!-- END SNIPPET: webxml -->

Propchange: cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/web.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/web.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/web.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml



Mime
View raw message