From serg...@apache.org
Subject svn commit: r1089512 - in /cxf/trunk/rt/ws/security/src: main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
Date Wed, 06 Apr 2011 16:09:35 GMT
Author: sergeyb
Date: Wed Apr  6 16:09:34 2011
New Revision: 1089512

URL: http://svn.apache.org/viewvc?rev=1089512&view=rev
Log:
[CXF-3444] Attempting to set the 'best' SecurityContext principal

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1089512&r1=1089511&r2=1089512&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Wed Apr  6 16:09:34 2011
@@ -61,6 +61,7 @@ import org.apache.cxf.ws.security.Securi
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDerivedKeyTokenPrincipal;
 import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngine;
@@ -399,7 +400,7 @@ public class WSS4JInInterceptor extends 
 
         for (WSSecurityEngineResult o : wsResult) {
             final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
-            if (p != null) {
+            if (p != null && isSecurityContextPrincipal(p, wsResult)) {
                 msg.put(PRINCIPAL_RESULT, p);
                 if (!utWithCallbacks) {
                     WSS4JTokenConverter.convertToken(msg, p);
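Review bot: The new condition still lets `msg.put(PRINCIPAL_RESULT, p)` run once per qualifying result, so when several non-derived-key principals are present (e.g. a signature principal and a UsernameToken principal) the one stored last in `wsResult` silently wins, and nothing in the hunk states that this ordering is the intended "best" choice. A comment above the `if` would make the contract visible to the next maintainer, e.g. `// Every qualifying principal overwrites PRINCIPAL_RESULT; the last one in wsResult order wins.` The enclosing method starts before this hunk, so the order in which wsResult is populated cannot be confirmed here.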
@@ -413,6 +414,24 @@ public class WSS4JInInterceptor extends 
         }
     }
 
+    /**
+     * Checks if a given WSS4J Principal can be represented as a user principal
+     * inside SecurityContext. Example, UsernameToken or PublicKey principals can
+     * be used to facilitate checking the user roles, etc.
+     */
+    protected boolean isSecurityContextPrincipal(Principal p, List<WSSecurityEngineResult>
wsResult) {
+        boolean derivedKeyPrincipal = p instanceof WSDerivedKeyTokenPrincipal;
+        if (derivedKeyPrincipal) {
+            // If it is a derived key principal then let it be a SecurityContext
+            // principal only if no other principals are available.
+            // The derived key principal will still be visible to
+            // custom interceptors as part of the WSHandlerConstants.RECV_RESULTS value
+            return wsResult.size() > 1 ? false : true;
+        } else {
+            return true;
+        }
+    }
+    
     protected void advanceBody(
         SoapMessage msg, Node body
     ) throws SOAPException, XMLStreamException, WSSecurityException {
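Review bot: `wsResult.size() > 1` counts engine results, not principals, so a derived key principal is rejected as soon as any second result exists even when that result carries no principal at all (the caller's loop already guards `p != null`, so results with a null TAG_PRINCIPAL are expected); in that case the message ends up with no PRINCIPAL_RESULT, which contradicts the comment's "only if no other principals are available". The check should look for another non-null, non-derived-key principal in the list instead. As a point of style, `return wsResult.size() > 1 ? false : true;` should be written as a plain boolean expression rather than a ternary over literals.
```java
protected boolean isSecurityContextPrincipal(Principal p, List<WSSecurityEngineResult> wsResult) {
    if (!(p instanceof WSDerivedKeyTokenPrincipal)) {
        return true;
    }
    // A derived key principal is only a fallback: accept it unless some other
    // result carries a principal that is not itself a derived key principal.
    // The derived key principal stays visible to custom interceptors via
    // WSHandlerConstants.RECV_RESULTS either way.
    for (WSSecurityEngineResult r : wsResult) {
        Principal other = (Principal)r.get(WSSecurityEngineResult.TAG_PRINCIPAL);
        if (other != null && !(other instanceof WSDerivedKeyTokenPrincipal)) {
            return false;
        }
    }
    return true;
}
```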

Modified: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java?rev=1089512&r1=1089511&r2=1089512&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
(original)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
Wed Apr  6 16:09:34 2011
@@ -20,6 +20,7 @@ package org.apache.cxf.ws.security.wss4j
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
+import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -27,6 +28,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.SortedSet;
 import java.util.TreeSet;
+
 import javax.xml.namespace.QName;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
@@ -57,9 +59,11 @@ import org.apache.cxf.staxutils.StaxUtil
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSDataRef;
 import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.handler.WSHandlerResult;
 import org.apache.ws.security.util.WSSecurityUtil;
+
 import org.junit.Test;
 
 
@@ -105,7 +109,7 @@ public class WSS4JInOutTest extends Abst
         xpaths.add("//wsse:Security/ds:Signature");
 
         List<WSHandlerResult> handlerResults = 
-            makeInvocation(outProperties, xpaths, inProperties);
+            getResults(makeInvocation(outProperties, xpaths, inProperties));
         WSSecurityEngineResult actionResult =
             WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.SIGN);
          
@@ -133,7 +137,7 @@ public class WSS4JInOutTest extends Abst
         xpaths.add("//wsse:Security/ds:Signature");
 
         List<WSHandlerResult> handlerResults = 
-            makeInvocation(outProperties, xpaths, inProperties);
+            getResults(makeInvocation(outProperties, xpaths, inProperties));
         WSSecurityEngineResult actionResult =
             WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.SIGN);
          
@@ -163,7 +167,7 @@ public class WSS4JInOutTest extends Abst
         xpaths.add("//s:Body/xenc:EncryptedData");
 
         List<WSHandlerResult> handlerResults = 
-            makeInvocation(outProperties, xpaths, inProperties);
+            getResults(makeInvocation(outProperties, xpaths, inProperties));
 
         assertNotNull(handlerResults);
         assertSame(handlerResults.size(), 1);
@@ -223,8 +227,8 @@ public class WSS4JInOutTest extends Abst
         List<String> xpaths = new ArrayList<String>();
         xpaths.add("//wsse:Security");
 
-        List<WSHandlerResult> handlerResults = 
-            makeInvocation(outProperties, xpaths, inProperties);
+        SoapMessage inmsg = makeInvocation(outProperties, xpaths, inProperties);
+        List<WSHandlerResult> handlerResults = getResults(inmsg);
 
         assertNotNull(handlerResults);
         assertSame(handlerResults.size(), 1);
@@ -236,6 +240,15 @@ public class WSS4JInOutTest extends Abst
             (java.util.List<WSSecurityEngineResult>) handlerResults.get(0).getResults();
         assertNotNull(protectionResults);
         assertSame(protectionResults.size(), 2);
+        
+        final Principal p1 = (Principal)protectionResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
+        final Principal p2 = (Principal)protectionResults.get(1).get(WSSecurityEngineResult.TAG_PRINCIPAL);
+        assertTrue(p1 instanceof WSUsernameTokenPrincipal || p2 instanceof WSUsernameTokenPrincipal);
+        
+        Principal utPrincipal = p1 instanceof WSUsernameTokenPrincipal ? p1 : p2;
+        
+        Principal secContextPrincipal = (Principal)inmsg.get(WSS4JInInterceptor.PRINCIPAL_RESULT);
+        assertSame(secContextPrincipal, utPrincipal);
     }
     
     @Test
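Review bot: The added assertions only cover the UsernameToken case, where `isSecurityContextPrincipal` returns true unconditionally; the new derived-key branch in WSS4JInInterceptor (the `wsResult.size() > 1` decision) has no test in this commit, so a regression there would go unnoticed. A second test that produces a WSDerivedKeyTokenPrincipal alongside another result and asserts which principal lands in `WSS4JInInterceptor.PRINCIPAL_RESULT` would pin the intended behaviour. Also, `assertSame(protectionResults.size(), 2)` compares boxed Integers by identity; it happens to work for small values but `assertEquals(2, protectionResults.size())` is the correct form (pre-existing, but the new lines next to it repeat the pattern with `assertSame(secContextPrincipal, utPrincipal)`, which is fine for object identity).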
@@ -438,7 +451,7 @@ public class WSS4JInOutTest extends Abst
         xpaths.add("//wsse:Security/ds:Signature");
 
         List<WSHandlerResult> handlerResults = 
-            makeInvocation(outProperties, xpaths, inProperties);
+            getResults(makeInvocation(outProperties, xpaths, inProperties));
         WSSecurityEngineResult actionResult =
             WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.SIGN);
          
@@ -476,7 +489,13 @@ public class WSS4JInOutTest extends Abst
         return ret;
     }
     
-    private List<WSHandlerResult> makeInvocation(
+    private List<WSHandlerResult> getResults(SoapMessage inmsg) {
+        final List<WSHandlerResult> handlerResults = 
+            CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS));
+        return handlerResults;
+    }
+    
+    private SoapMessage makeInvocation(
         Map<String, String> outProperties,
         List<String> xpaths,
         Map<String, String> inProperties
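Review bot: In the new `getResults` helper the local `handlerResults` is assigned and immediately returned, so the method can be `return CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS));` with a one-line Javadoc such as `/** Returns the WSS4J handler results the in-interceptor stored on the message. */`. `makeInvocation`'s new `SoapMessage` return type continues past the hunk, so its body is not reviewable here.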
@@ -535,9 +554,7 @@ public class WSS4JInOutTest extends Abst
 
         inHandler.handleMessage(inmsg);
 
-        final List<WSHandlerResult> handlerResults = 
-            CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS));
-        return handlerResults;
+        return inmsg;
     }
     
     // FOR DEBUGGING ONLY


