Return-Path: Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: (qmail 32034 invoked from network); 16 Dec 2010 15:45:48 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 16 Dec 2010 15:45:48 -0000 Received: (qmail 55104 invoked by uid 500); 16 Dec 2010 15:45:48 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 54981 invoked by uid 500); 16 Dec 2010 15:45:46 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 54974 invoked by uid 99); 16 Dec 2010 15:45:46 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Dec 2010 15:45:46 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Dec 2010 15:45:42 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id E8BA823889E7; Thu, 16 Dec 2010 15:45:20 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1050013 - in /cxf/branches/2.3.x-fixes: ./ rt/core/src/main/java/org/apache/cxf/interceptor/security/ rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/ systests/jaxrs/... Date: Thu, 16 Dec 2010 15:45:20 -0000 To: commits@cxf.apache.org From: sergeyb@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20101216154520.E8BA823889E7@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: sergeyb Date: Thu Dec 16 15:45:19 2010 New Revision: 1050013 URL: http://svn.apache.org/viewvc?rev=1050013&view=rev Log: Merged revisions 1050005 via svnmerge from https://svn.apache.org/repos/asf/cxf/trunk ........ r1050005 | sergeyb | 2010-12-16 15:27:45 +0000 (Thu, 16 Dec 2010) | 1 line [CXF-3195] Introducing JAAS Interceptor and filter ........ Added: cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/AuthenticationException.java - copied unchanged from r1050005, cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AuthenticationException.java cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java - copied unchanged from r1050005, cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/Messages.properties - copied unchanged from r1050005, cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/Messages.properties cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/NamePasswordCallbackHandler.java - copied unchanged from r1050005, cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/NamePasswordCallbackHandler.java cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java - copied unchanged from r1050005, cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java cxf/branches/2.3.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java - copied unchanged from r1050005, cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginModule.java - copied unchanged from r1050005, cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginModule.java cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookServerJaasSecurity.java - copied unchanged from r1050005, cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookServerJaasSecurity.java cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java - copied unchanged from r1050005, cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASFilter.java - copied unchanged from r1050005, cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASFilter.java cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASLoginInterceptor.java - copied unchanged from r1050005, cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JettyJAASLoginInterceptor.java cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaas.cfg - copied unchanged from r1050005, cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaas.cfg cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/resources/jaxrs_jaas_security/ - copied from r1050005, cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/ cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/ - copied from r1050005, cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/ cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml - copied unchanged from r1050005, cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/web.xml - copied unchanged from r1050005, cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/web.xml Modified: cxf/branches/2.3.x-fixes/ (props changed) cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/AccessDeniedException.java cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java cxf/branches/2.3.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseBuilderImpl.java cxf/branches/2.3.x-fixes/systests/jaxrs/pom.xml cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/AbstractSpringSecurityTest.java cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSimpleSecurityTest.java cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/SecurityOutFaultInterceptor.java Propchange: cxf/branches/2.3.x-fixes/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Thu Dec 16 15:45:19 2010 @@ -1 +1 @@ -/cxf/trunk:1041183,1041790,1041993,1042346,1042571,1042724,1042805,1042821,1043225,1043229,1043902,1043907,1043954,1044085,1044238-1044305,1045024,1048915,1048919,1048930,1049078,1049937 +/cxf/trunk:1041183,1041790,1041993,1042346,1042571,1042724,1042805,1042821,1043225,1043229,1043902,1043907,1043954,1044085,1044238-1044305,1045024,1048915,1048919,1048930,1049078,1049937,1050005 Propchange: cxf/branches/2.3.x-fixes/ ------------------------------------------------------------------------------ Binary property 'svnmerge-integrated' - no diff available. Modified: cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/AccessDeniedException.java URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/AccessDeniedException.java?rev=1050013&r1=1050012&r2=1050013&view=diff ============================================================================== --- cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/AccessDeniedException.java (original) +++ cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/AccessDeniedException.java Thu Dec 16 15:45:19 2010 @@ -18,7 +18,7 @@ */ package org.apache.cxf.interceptor.security; -public class AccessDeniedException extends RuntimeException { +public class AccessDeniedException extends SecurityException { public AccessDeniedException(String reason) { super(reason); } Modified: cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java?rev=1050013&r1=1050012&r2=1050013&view=diff ============================================================================== --- cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java (original) +++ cxf/branches/2.3.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java Thu Dec 16 15:45:19 2010 @@ -31,28 +31,44 @@ import org.apache.cxf.security.SecurityC * following approach : skip the first Subject principal, and then checks * Groups the principal is a member of * - * TODO : consider moving this class into common/security + * TODO : consider moving this class into a rt-core-security module */ public class DefaultSecurityContext implements SecurityContext { private Principal p; private Subject subject; + public DefaultSecurityContext(Subject subject) { + this.p = findPrincipal(subject); + this.subject = subject; + } + public DefaultSecurityContext(Principal p, Subject subject) { this.p = p; this.subject = subject; } + private static Principal findPrincipal(Subject subject) { + if (subject != null) { + for (Principal principal : subject.getPrincipals()) { + if (!(principal instanceof Group)) { + return principal; + } + } + } + return null; + } + public Principal getUserPrincipal() { return p; } + public boolean isUserInRole(String role) { - if (subject == null || subject.getPrincipals().size() <= 1) { - return false; - } - for (Principal principal : subject.getPrincipals()) { - if (principal instanceof Group && checkGroup((Group)principal, role)) { - return true; + if (subject != null) { + for (Principal principal : subject.getPrincipals()) { + if (principal instanceof Group && checkGroup((Group)principal, role)) { + return true; + } } } return false; Modified: cxf/branches/2.3.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseBuilderImpl.java URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseBuilderImpl.java?rev=1050013&r1=1050012&r2=1050013&view=diff ============================================================================== --- cxf/branches/2.3.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseBuilderImpl.java (original) +++ cxf/branches/2.3.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseBuilderImpl.java Thu Dec 16 15:45:19 2010 @@ -142,6 +142,8 @@ public final class ResponseBuilderImpl e if (HttpUtils.isDateRelatedHeader(name)) { Object theValue = value instanceof Date ? toHttpDate((Date)value) : value; return setHeader(name, theValue); + } else if (HttpHeaders.LOCATION.equals(name)) { + return location(URI.create(value.toString())); } else { return addHeader(name, value); } Modified: cxf/branches/2.3.x-fixes/systests/jaxrs/pom.xml URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/systests/jaxrs/pom.xml?rev=1050013&r1=1050012&r2=1050013&view=diff ============================================================================== --- cxf/branches/2.3.x-fixes/systests/jaxrs/pom.xml (original) +++ cxf/branches/2.3.x-fixes/systests/jaxrs/pom.xml Thu Dec 16 15:45:19 2010 @@ -87,6 +87,11 @@ org.eclipse.jetty jetty-server + + org.eclipse.jetty + jetty-plus + ${cxf.jetty.version} + org.eclipse.jetty jetty-webapp Modified: cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/AbstractSpringSecurityTest.java URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/AbstractSpringSecurityTest.java?rev=1050013&r1=1050012&r2=1050013&view=diff ============================================================================== --- cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/AbstractSpringSecurityTest.java (original) +++ cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/AbstractSpringSecurityTest.java Thu Dec 16 15:45:19 2010 @@ -39,7 +39,7 @@ public abstract class AbstractSpringSecu return bos.getOut().toString(); } - private String base64Encode(String value) { + protected String base64Encode(String value) { return Base64Utility.encode(value.getBytes()); } Modified: cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSimpleSecurityTest.java URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSimpleSecurityTest.java?rev=1050013&r1=1050012&r2=1050013&view=diff ============================================================================== --- cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSimpleSecurityTest.java (original) +++ cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSimpleSecurityTest.java Thu Dec 16 15:45:19 2010 @@ -23,7 +23,7 @@ import org.junit.BeforeClass; import org.junit.Test; public class JAXRSSimpleSecurityTest extends AbstractSpringSecurityTest { - public static final String PORT = BookServerSecuritySpringClass.PORT; + public static final String PORT = BookServerSimpleSecurity.PORT; @BeforeClass public static void startServers() throws Exception { Modified: cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/SecurityOutFaultInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/SecurityOutFaultInterceptor.java?rev=1050013&r1=1050012&r2=1050013&view=diff ============================================================================== --- cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/SecurityOutFaultInterceptor.java (original) +++ cxf/branches/2.3.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/SecurityOutFaultInterceptor.java Thu Dec 16 15:45:19 2010 @@ -18,6 +18,8 @@ */ package org.apache.cxf.systest.jaxrs.security; +import java.io.IOException; + import javax.servlet.http.HttpServletResponse; import org.apache.cxf.interceptor.Fault; @@ -35,14 +37,22 @@ public class SecurityOutFaultInterceptor } public void handleMessage(Message message) throws Fault { - Exception ex = message.getContent(Exception.class); - if (!(((Fault)ex).getCause() instanceof AccessDeniedException)) { - throw new RuntimeException("Security Exception is expected is expected"); + Fault fault = (Fault)message.getContent(Exception.class); + Throwable ex = fault.getCause(); + if (!(ex instanceof SecurityException)) { + throw new RuntimeException("Security Exception is expected"); } HttpServletResponse response = (HttpServletResponse)message.getExchange().getInMessage() .get(AbstractHTTPDestination.HTTP_RESPONSE); - response.setStatus(403); + int status = ex instanceof AccessDeniedException ? 403 : 401; + response.setStatus(status); + try { + response.getOutputStream().write(ex.getMessage().getBytes()); + response.getOutputStream().flush(); + } catch (IOException iex) { + // ignore + } message.getInterceptorChain().abort(); }