cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1292271 - in /cxf/branches/2.5.x-fixes: rt/ws/security/src/main/java/org/apache/cxf/ws/security/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ systests/ws-security/src/test/resources/org/apache/cxf/systest/ws...
Date Wed, 22 Feb 2012 13:07:43 GMT
Author: coheigea
Date: Wed Feb 22 13:07:43 2012
New Revision: 1292271

URL: http://svn.apache.org/viewvc?rev=1292271&view=rev
Log:
[CXF-3635] - WS-Trust SPNego (WCF message level spnego)

Modified:
    cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
    cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml

Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1292271&r1=1292270&r2=1292271&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Wed Feb 22 13:07:43 2012
@@ -125,6 +125,12 @@ public final class SecurityConstants {
     public static final String KERBEROS_SPN = "ws-security.kerberos.spn";
     
     /**
+     * The SpnegoClientAction implementation to use for SPNEGO. This allows the user to plug
in
+     * a different implementation to obtain a service ticket.
+     */
+    public static final String SPNEGO_CLIENT_ACTION = "ws-security.spnego.client.action";
+    
+    /**
      * Set this to "false" to not cache a SecurityToken per proxy object in the 
      * IssuedTokenInterceptorProvider. This should be done if a token is being retrieved
      * from an STS in an intermediary. The default value is "true".
@@ -146,7 +152,7 @@ public final class SecurityConstants {
             SIGNATURE_TOKEN_VALIDATOR, IS_BSP_COMPLIANT, TIMESTAMP_FUTURE_TTL,
             BST_TOKEN_VALIDATOR, SAML_CALLBACK_HANDLER, STS_TOKEN_ON_BEHALF_OF,
             KERBEROS_CLIENT, SCT_TOKEN_VALIDATOR, CACHE_ISSUED_TOKEN_IN_ENDPOINT,
-            KERBEROS_JAAS_CONTEXT_NAME, KERBEROS_SPN
+            KERBEROS_JAAS_CONTEXT_NAME, KERBEROS_SPN, SPNEGO_CLIENT_ACTION
         }));
         ALL_PROPERTIES = Collections.unmodifiableSet(s);
     }

Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java?rev=1292271&r1=1292270&r2=1292271&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
Wed Feb 22 13:07:43 2012
@@ -39,6 +39,7 @@ import org.apache.cxf.ws.security.tokens
 import org.apache.cxf.ws.security.trust.STSClient;
 import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.spnego.SpnegoClientAction;
 import org.apache.ws.security.spnego.SpnegoTokenContext;
 import org.apache.ws.security.util.Base64;
 
@@ -97,6 +98,12 @@ class SpnegoContextTokenOutInterceptor e
             );
         
         SpnegoTokenContext spnegoToken = new SpnegoTokenContext();
+        Object spnegoClientAction = 
+            message.getContextualProperty(SecurityConstants.SPNEGO_CLIENT_ACTION);
+        if (spnegoClientAction instanceof SpnegoClientAction) {
+            spnegoToken.setSpnegoClientAction((SpnegoClientAction)spnegoClientAction);
+        }
+        
         try {
             spnegoToken.retrieveServiceTicket(jaasContext, callbackHandler, kerberosSpn);
         } catch (WSSecurityException e) {

Modified: cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml?rev=1292271&r1=1292270&r2=1292271&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml
(original)
+++ cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml
Wed Feb 22 13:07:43 2012
@@ -44,9 +44,6 @@
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSpnegoSymmetricPort"

                   createdFromAPI="true">
        <jaxws:properties>
-           <entry key="ws-security.encryption.properties" 
-                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
-           <entry key="ws-security.encryption.username" value="bob"/>
            <entry key="ws-security.kerberos.jaas.context" value="alice" />
            <entry key="ws-security.kerberos.spn" value="bob@service.ws.apache.org" />
        </jaxws:properties>
@@ -55,9 +52,6 @@
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSpnegoSymmetricDerivedPort"

                   createdFromAPI="true">
        <jaxws:properties>
-           <entry key="ws-security.encryption.properties" 
-                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
-           <entry key="ws-security.encryption.username" value="bob"/>
            <entry key="ws-security.kerberos.jaas.context" value="alice" />
            <entry key="ws-security.kerberos.spn" value="bob@service.ws.apache.org" />
        </jaxws:properties>



Mime
View raw message