cxf-commits mailing list archives

From serg...@apache.org
Subject svn commit: r1362711 - /cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
Date Tue, 17 Jul 2012 22:55:30 GMT
Author: sergeyb
Date: Tue Jul 17 22:55:30 2012
New Revision: 1362711

URL: http://svn.apache.org/viewvc?rev=1362711&view=rev
Log:
[CXF-4430] Updating the filter to check if the user name is null, optionally removing the
realm when setting up a security context

Modified:
    cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java

Modified: cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java?rev=1362711&r1=1362710&r2=1362711&view=diff
==============================================================================
--- cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
(original)
+++ cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
Tue Jul 17 22:55:30 2012
@@ -58,6 +58,7 @@ public class KerberosAuthenticationFilte
     private String loginContextName;
     private String servicePrincipalName;
     private String realm;
+    private boolean keepUserPrincipalRealm = true;
     
     public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
         
@@ -80,8 +81,21 @@ public class KerberosAuthenticationFilte
 
             Subject.doAs(serviceSubject, new ValidateServiceTicketAction(gssContext, serviceTicket));
             
-            final String clientName = gssContext.getSrcName().toString();            
-            m.put(SecurityContext.class, new SimpleSecurityContext(clientName));
+            GSSName srcName = gssContext.getSrcName();
+            if (srcName == null) {
+                throw new WebApplicationException(getFaultResponse());
+            }
+            
+            String userName = srcName.toString();
+            if (!keepUserPrincipalRealm) {
+                int index = userName.lastIndexOf('@');
+                if (index > 0) {
+                    userName = userName.substring(0, index);
+                    //TODO: still provide a complete user name via KerberosPrincipal
+                }
+            }
+            m.put(SecurityContext.class, new SimpleSecurityContext(userName));
+            
             
         } catch (LoginException e) {
             throw new WebApplicationException(getFaultResponse());
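Review bot: With `keepUserPrincipalRealm` set to false, the block that truncates `userName` at the last `@` makes principals with the same primary name in different realms indistinguishable in the `SimpleSecurityContext`, and nothing visible in this hunk checks which realm the ticket came from. Where cross-realm trust is configured, a principal from another realm could then be authorized as the local user of the same name. The realm suffix should be compared with the expected realm before it is dropped, for example `if (!userName.substring(index + 1).equals(expectedRealm)) { throw new WebApplicationException(getFaultResponse()); }`, where `expectedRealm` is a placeholder for whatever configured value holds the Kerberos realm (the existing `realm` field may serve a different purpose; its use is not visible here). At minimum the TODO should become a comment stating that downstream authorization must not treat the short name as unique. `handleRequest` begins and ends outside the hunk.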
@@ -167,6 +181,11 @@ public class KerberosAuthenticationFilte
         this.callbackHandler = callbackHandler;
     }
 
+    
+    public void setKeepUserPrincipalRealm(boolean keep) {
+        this.keepUserPrincipalRealm = keep;
+    }
+
     private final class ValidateServiceTicketAction implements PrivilegedExceptionAction<byte[]>
{
         private final GSSContext context;
         private final byte[] token;
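Review bot: `setKeepUserPrincipalRealm` is added without Javadoc, although it changes the identity string that ends up in the security context. I would document it as `/** Controls whether the realm suffix of the client principal is kept (default true); when false, everything from the last '@' onwards is removed before the name is placed in the SecurityContext. */`. The extra blank line added just before the setter can also be dropped.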


