cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1069130 - in /cxf/trunk: api/src/main/java/org/apache/cxf/security/ rt/core/src/main/java/org/apache/cxf/interceptor/security/ rt/core/src/test/java/org/apache/cxf/interceptor/security/ rt/ws/security/src/main/java/org/apache/cxf/ws/securi...
Date Wed, 09 Feb 2011 21:56:05 GMT
Author: sergeyb
Date: Wed Feb  9 21:56:04 2011
New Revision: 1069130

URL: http://svn.apache.org/viewvc?rev=1069130&view=rev
Log:
[CXF-3322] Adding LoginSecurityContext interface

Added:
    cxf/trunk/api/src/main/java/org/apache/cxf/security/LoginSecurityContext.java   (with
props)
    cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImplTest.java
  (with props)
Removed:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultSecurityContext.java
Modified:
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java
    cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java

Added: cxf/trunk/api/src/main/java/org/apache/cxf/security/LoginSecurityContext.java
URL: http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/security/LoginSecurityContext.java?rev=1069130&view=auto
==============================================================================
--- cxf/trunk/api/src/main/java/org/apache/cxf/security/LoginSecurityContext.java (added)
+++ cxf/trunk/api/src/main/java/org/apache/cxf/security/LoginSecurityContext.java Wed Feb
 9 21:56:04 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.security;
+
+import java.security.Principal;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+/**
+ * LoginSecurityContext provides additional information about the
+ * authenticated principal. 
+ * 
+ * {@link SecurityContext} implementations which can get the authenticated
+ * Subject and/or the list of the user roles may implement this interface. 
+ */
+public interface LoginSecurityContext extends SecurityContext {
+
+    /**
+     * Returns the Subject representing the current authenticated user.
+     * @return the subject
+     */
+    Subject getSubject();
+    /**
+     * Returns a set of Principals representing the roles 
+     * assigned to the current authenticated user Principal
+     * @return the roles
+     */
+    Set<Principal> getUserRoles();
+}

Propchange: cxf/trunk/api/src/main/java/org/apache/cxf/security/LoginSecurityContext.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/api/src/main/java/org/apache/cxf/security/LoginSecurityContext.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java?rev=1069130&r1=1069129&r2=1069130&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
(original)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
Wed Feb  9 21:56:04 2011
@@ -21,10 +21,12 @@ package org.apache.cxf.interceptor.secur
 import java.security.Principal;
 import java.security.acl.Group;
 import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Set;
 
 import javax.security.auth.Subject;
 
-import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.security.LoginSecurityContext;
 
 /**
  * SecurityContext which implements isUserInRole using the
@@ -33,7 +35,7 @@ import org.apache.cxf.security.SecurityC
  * 
  * TODO : consider moving this class into a rt-core-security module
  */
-public class DefaultSecurityContext implements SecurityContext {
+public class DefaultSecurityContext implements LoginSecurityContext {
 
     private Principal p;
     private Subject subject; 
@@ -89,4 +91,22 @@ public class DefaultSecurityContext impl
         }
         return false;    
     }
+
+    @Override
+    public Subject getSubject() {
+        return subject;
+    }
+
+    @Override
+    public Set<Principal> getUserRoles() {
+        Set<Principal> roles = new HashSet<Principal>();
+        if (subject != null) {
+            for (Principal principal : subject.getPrincipals()) {
+                if (principal != p) { 
+                    roles.add(principal);
+                }
+            }
+        }
+        return roles;
+    }
 }

Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java?rev=1069130&r1=1069129&r2=1069130&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java
(original)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImpl.java
Wed Feb  9 21:56:04 2011
@@ -20,20 +20,23 @@
 package org.apache.cxf.interceptor.security;
 
 import java.security.Principal;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
 
 import javax.security.auth.Subject;
 
-import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.security.LoginSecurityContext;
 
-public class RolePrefixSecurityContextImpl implements SecurityContext {
+public class RolePrefixSecurityContextImpl implements LoginSecurityContext {
     private Principal p;
-    private Set<String> roles; 
+    private Set<Principal> roles; 
+    private Subject theSubject;
     
     public RolePrefixSecurityContextImpl(Subject subject, String rolePrefix) {
         this.p = findPrincipal(subject, rolePrefix);
         this.roles = findRoles(subject, rolePrefix);
+        this.theSubject = subject;
     }
     
     public Principal getUserPrincipal() {
@@ -41,7 +44,14 @@ public class RolePrefixSecurityContextIm
     }
 
     public boolean isUserInRole(String role) {
-        return roles.contains(role);
+        // there is no guarantee the Principal instances retrieved
+        // from the Subject properly implement equalTo
+        for (Principal principal : roles) {
+            if (principal.getName().equals(role)) {
+                return true;
+            }
+        }
+        return false;
     }
     
     private static Principal findPrincipal(Subject subject, String rolePrefix) {
@@ -53,13 +63,21 @@ public class RolePrefixSecurityContextIm
         return null;
     }
     
-    private static Set<String> findRoles(Subject subject, String rolePrefix) {
-        Set<String> set = new HashSet<String>();
+    private static Set<Principal> findRoles(Subject subject, String rolePrefix) {
+        Set<Principal> set = new HashSet<Principal>();
         for (Principal p : subject.getPrincipals()) {
             if (p.getName().startsWith(rolePrefix)) {
-                set.add(p.getName());
+                set.add(p);
             }
         }
-        return set;
+        return Collections.unmodifiableSet(set);
+    }
+
+    public Subject getSubject() {
+        return theSubject;
+    }
+
+    public Set<Principal> getUserRoles() {
+        return roles;
     }
 }
\ No newline at end of file

Modified: cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java?rev=1069130&r1=1069129&r2=1069130&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java
(original)
+++ cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java
Wed Feb  9 21:56:04 2011
@@ -20,11 +20,14 @@ package org.apache.cxf.interceptor.secur
 
 import java.security.Principal;
 import java.security.acl.Group;
+import java.util.HashSet;
+import java.util.Set;
 
 import javax.security.auth.Subject;
 
 import org.apache.cxf.common.security.SimpleGroup;
 import org.apache.cxf.common.security.SimplePrincipal;
+import org.apache.cxf.security.LoginSecurityContext;
 
 import org.junit.Assert;
 import org.junit.Test;
@@ -49,6 +52,32 @@ public class DefaultSecurityContextTest 
     }
     
     @Test
+    public void testMultipleRoles() {
+        Subject s = new Subject();
+        Principal p = new SimplePrincipal("Barry");
+        s.getPrincipals().add(p);
+        
+        Set<Principal> roles = new HashSet<Principal>();
+        roles.add(new SimpleGroup("friend", p));
+        roles.add(new SimpleGroup("admin", p));
+        s.getPrincipals().addAll(roles);
+        
+        LoginSecurityContext context = new DefaultSecurityContext(p, s);
+        assertTrue(context.isUserInRole("friend"));
+        assertTrue(context.isUserInRole("admin"));
+        assertFalse(context.isUserInRole("bar"));
+        
+        Set<Principal> roles2 =  context.getUserRoles();
+        assertEquals(roles2, roles);
+    }
+    
+    @Test
+    public void testGetSubject() {
+        Subject s = new Subject();
+        assertSame(new DefaultSecurityContext(s).getSubject(), s);
+    }
+    
+    @Test
     public void testUserInRole2() {
         Subject s = new Subject();
         Principal p = new SimplePrincipal("Barry");

Added: cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImplTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImplTest.java?rev=1069130&view=auto
==============================================================================
--- cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImplTest.java
(added)
+++ cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImplTest.java
Wed Feb  9 21:56:04 2011
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.interceptor.security;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.apache.cxf.common.security.SimplePrincipal;
+import org.apache.cxf.security.LoginSecurityContext;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class RolePrefixSecurityContextImplTest extends Assert {
+
+    @Test
+    public void testUserNotInRole() {
+        Subject s = new Subject();
+        Principal p = new SimplePrincipal("Barry");
+        s.getPrincipals().add(p);
+        assertFalse(new RolePrefixSecurityContextImpl(s, "").isUserInRole("friend"));
+    }
+    
+    @Test
+    public void testUserInRole() {
+        Subject s = new Subject();
+        Principal p = new SimplePrincipal("Barry");
+        s.getPrincipals().add(p);
+        s.getPrincipals().add(new SimplePrincipal("role_friend"));
+        assertTrue(new RolePrefixSecurityContextImpl(s, "role_")
+                       .isUserInRole("role_friend"));
+    }
+    
+    @Test
+    public void testMultipleRoles() {
+        Subject s = new Subject();
+        Principal p = new SimplePrincipal("Barry");
+        s.getPrincipals().add(p);
+        
+        Set<Principal> roles = new HashSet<Principal>();
+        roles.add(new SimplePrincipal("role_friend"));
+        roles.add(new SimplePrincipal("role_admin"));
+        s.getPrincipals().addAll(roles);
+        
+        LoginSecurityContext context = new RolePrefixSecurityContextImpl(s, "role_");
+        assertTrue(context.isUserInRole("role_friend"));
+        assertTrue(context.isUserInRole("role_admin"));
+        assertFalse(context.isUserInRole("role_bar"));
+        
+        Set<Principal> roles2 =  context.getUserRoles();
+        assertEquals(roles2, roles);
+    }
+    
+    @Test
+    public void testGetSubject() {
+        Subject s = new Subject();
+        assertSame(new RolePrefixSecurityContextImpl(s, "").getSubject(), s);
+    }
+    
+}

Propchange: cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImplTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/RolePrefixSecurityContextImplTest.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date



Mime
View raw message