From serg...@apache.org
Subject svn commit: r1089530 - in /cxf/branches/2.3.x-fixes: ./ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
Date Wed, 06 Apr 2011 16:39:10 GMT
Author: sergeyb
Date: Wed Apr  6 16:39:09 2011
New Revision: 1089530

URL: http://svn.apache.org/viewvc?rev=1089530&view=rev
Log:
Merged revisions 1089512 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1089512 | sergeyb | 2011-04-06 17:09:34 +0100 (Wed, 06 Apr 2011) | 1 line
  
  [CXF-3444] Attempting to set the 'best' SecurityContext principal
........

Modified:
    cxf/branches/2.3.x-fixes/   (props changed)
    cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/branches/2.3.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java

Propchange: cxf/branches/2.3.x-fixes/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Apr  6 16:39:09 2011
@@ -1 +1 @@
-/cxf/trunk:1089407,1089487
+/cxf/trunk:1089407,1089487,1089512

Propchange: cxf/branches/2.3.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1089530&r1=1089529&r2=1089530&view=diff
==============================================================================
--- cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Wed Apr  6 16:39:09 2011
@@ -58,6 +58,7 @@ import org.apache.cxf.ws.security.Securi
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDerivedKeyTokenPrincipal;
 import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngine;
@@ -430,7 +431,7 @@ public class WSS4JInInterceptor extends 
         
         for (WSSecurityEngineResult o : CastUtils.cast(wsResult, WSSecurityEngineResult.class))
{
             final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
-            if (p != null) {
+            if (p != null && isSecurityContextPrincipal(p, wsResult)) {
                 msg.put(PRINCIPAL_RESULT, p);
                 if (!utWithCallbacks) {
                     WSS4JTokenConverter.convertToken(msg, p);
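Review bot: The new condition `if (p != null && isSecurityContextPrincipal(p, wsResult))` drops a principal silently, and nothing at the call site says so. `msg.put(PRINCIPAL_RESULT, p)` still runs for every principal that passes the filter, so unless the loop exits early outside this hunk, the identity that ends up in the security context depends on result order. Downstream role checks presumably rely on that principal, so I would add `// Derived key principals are skipped when other results exist; they remain available via RECV_RESULTS` above the condition. The loop body continues past the end of the hunk.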
@@ -444,6 +445,23 @@ public class WSS4JInInterceptor extends 
         }
     }
 
+    /**
+     * Checks if a given WSS4J Principal can be represented as a user principal
+     * inside SecurityContext. Example, UsernameToken or PublicKey principals can
+     * be used to facilitate checking the user roles, etc.
+     */
+    protected boolean isSecurityContextPrincipal(Principal p, List<WSSecurityEngineResult>
wsResult) {
+        boolean derivedKeyPrincipal = p instanceof WSDerivedKeyTokenPrincipal;
+        if (derivedKeyPrincipal) {
+            // If it is a derived key principal then let it be a SecurityContext
+            // principal only if no other principals are available.
+            // The derived key principal will still be visible to
+            // custom interceptors as part of the WSHandlerConstants.RECV_RESULTS value
+            return wsResult.size() > 1 ? false : true;
+        } else {
+            return true;
+        }
+    }
     
     protected SecurityContext createSecurityContext(final Principal p) {
         return new SecurityContext() {
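Review bot: In `isSecurityContextPrincipal`, `wsResult.size() > 1` counts every engine result, not only the results that carry a usable principal. A derived key principal is therefore rejected even when the other results have a null principal (the caller's `p != null` check suggests such results exist) or are derived key principals themselves, and in that case no principal appears to reach the SecurityContext at all. The decision should inspect the other results' `TAG_PRINCIPAL` values instead of the list size, as in the fence below. The Javadoc should also gain `@param` and `@return` tags stating that a derived key principal is only a fallback.

```java
    protected boolean isSecurityContextPrincipal(Principal p, List<WSSecurityEngineResult> wsResult) {
        if (!(p instanceof WSDerivedKeyTokenPrincipal)) {
            return true;
        }
        // A derived key principal is used only when no other result offers
        // a principal that is not itself a derived key principal.
        for (WSSecurityEngineResult r : wsResult) {
            Object other = r.get(WSSecurityEngineResult.TAG_PRINCIPAL);
            if (other != null && !(other instanceof WSDerivedKeyTokenPrincipal)) {
                return false;
            }
        }
        return true;
    }
```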

Modified: cxf/branches/2.3.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java?rev=1089530&r1=1089529&r2=1089530&view=diff
==============================================================================
--- cxf/branches/2.3.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
(original)
+++ cxf/branches/2.3.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
Wed Apr  6 16:39:09 2011
@@ -20,6 +20,7 @@ package org.apache.cxf.ws.security.wss4j
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
+import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -27,6 +28,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.SortedSet;
 import java.util.TreeSet;
+
 import javax.xml.namespace.QName;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
@@ -56,8 +58,10 @@ import org.apache.cxf.staxutils.StaxUtil
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSDataRef;
 import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.handler.WSHandlerResult;
+
 import org.junit.Test;
 
 
@@ -398,6 +402,18 @@ public class WSS4JInOutTest extends Abst
             (java.util.List<Object>) handlerResults.get(0).getResults();
         assertNotNull(protectionResults);
         assertSame(protectionResults.size(), 2);
+        
+        WSSecurityEngineResult wsResult1 = (WSSecurityEngineResult)protectionResults.get(0);
+        WSSecurityEngineResult wsResult2 = (WSSecurityEngineResult)protectionResults.get(1);
+
+        final Principal p1 = (Principal)wsResult1.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+        final Principal p2 = (Principal)wsResult2.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+        assertTrue(p1 instanceof WSUsernameTokenPrincipal || p2 instanceof WSUsernameTokenPrincipal);
+        
+        Principal utPrincipal = p1 instanceof WSUsernameTokenPrincipal ? p1 : p2;
+        
+        Principal secContextPrincipal = (Principal)inmsg.get(WSS4JInInterceptor.PRINCIPAL_RESULT);
+        assertSame(secContextPrincipal, utPrincipal);
     }
     
     @Test
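Review bot: The added assertions never check the type of the principal that was not chosen, so the test only proves that a UsernameToken principal ended up in `PRINCIPAL_RESULT`, not that the derived-key filter did the selecting. If the second result is expected to carry a derived key principal, assert that explicitly, and add a case where a derived key principal is the only one so the fallback branch is covered. `assertSame(secContextPrincipal, utPrincipal)` also has expected and actual swapped; `assertSame(utPrincipal, secContextPrincipal);` gives a correct failure message. The test method starts outside the hunk.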


