cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1364441 - in /cxf/branches/2.6.x-fixes: ./ api/src/main/java/org/apache/cxf/common/security/ rt/core/src/main/java/org/apache/cxf/interceptor/security/ rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/ rt/frontend/jaxrs/src/te...
Date Sun, 22 Jul 2012 21:51:49 GMT
Author: sergeyb
Date: Sun Jul 22 21:51:48 2012
New Revision: 1364441

URL: http://svn.apache.org/viewvc?rev=1364441&view=rev
Log:
Merged revisions 1363997,1364007,1364437 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1363997 | sergeyb | 2012-07-20 23:34:32 +0100 (Fri, 20 Jul 2012) | 1 line
  
  [CXF-4430] Few last Kerberos updates for now with support for JAAS Configuration, also reusing
NamespacePasswordCallbackHandler which can handle servlet specific password callbacks
........
  r1364007 | sergeyb | 2012-07-20 23:49:30 +0100 (Fri, 20 Jul 2012) | 1 line
  
  forgetting to commit one more update
........
  r1364437 | sergeyb | 2012-07-22 22:42:11 +0100 (Sun, 22 Jul 2012) | 1 line
  
  Minor to updates for Kerberos filters to work with keytabs
........

Added:
    cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java
      - copied unchanged from r1364437, cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java
    cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java
      - copied unchanged from r1364437, cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java
Modified:
    cxf/branches/2.6.x-fixes/   (props changed)
    cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java
    cxf/branches/2.6.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
    cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
    cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
    cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java
    cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
    cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java
    cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSKerberosBookTest.java
    cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/kerberos.cfg
    cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml

Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
    svn:mergeinfo = /cxf/trunk:1363997-1364437

Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java
(original)
+++ cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java
Sun Jul 22 21:51:48 2012
@@ -23,11 +23,11 @@ import java.security.Principal;
 import org.apache.cxf.security.SecurityContext;
 
 public class SimpleSecurityContext implements SecurityContext {
-    private SimplePrincipal principal;
+    private Principal principal;
     public SimpleSecurityContext(String name) {
         this(new SimplePrincipal(name));
     }
-    public SimpleSecurityContext(SimplePrincipal principal) {
+    public SimpleSecurityContext(Principal principal) {
         this.principal = principal;
     }
     

Modified: cxf/branches/2.6.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
Sun Jul 22 21:51:48 2012
@@ -23,6 +23,7 @@ import java.util.logging.Logger;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 
@@ -45,11 +46,13 @@ public class JAASLoginInterceptor extend
     private static final ResourceBundle BUNDLE = BundleUtils.getBundle(JAASLoginInterceptor.class);
     private static final Logger LOG = LogUtils.getL7dLogger(JAASLoginInterceptor.class);
     
-    private String contextName;
+    private String contextName = "";
+    private Configuration loginConfig;
     private String roleClassifier;
     private String roleClassifierType = ROLE_CLASSIFIER_PREFIX;
     private boolean reportFault;
     
+    
     public JAASLoginInterceptor() {
         super(Phase.UNMARSHAL);
     }
@@ -128,8 +131,11 @@ public class JAASLoginInterceptor extend
         }
         
         try {
+            
+            
             CallbackHandler handler = getCallbackHandler(name, password);  
-            LoginContext ctx = new LoginContext(getContextName(), handler);  
+            LoginContext ctx = new LoginContext(getContextName(), null, handler, loginConfig);
 
+            
             ctx.login();
             
             Subject subject = ctx.getSubject();
@@ -158,6 +164,14 @@ public class JAASLoginInterceptor extend
             return new DefaultSecurityContext(subject);
         }
     }
+
+    public Configuration getLoginConfig() {
+        return loginConfig;
+    }
+
+    public void setLoginConfig(Configuration loginConfig) {
+        this.loginConfig = loginConfig;
+    }
     
     
 }

Modified: cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
Sun Jul 22 21:51:48 2012
@@ -23,6 +23,7 @@ import java.util.Arrays;
 import java.util.List;
 
 import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.Configuration;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
@@ -63,6 +64,10 @@ public class JAASAuthenticationFilter im
         interceptor.setContextName(name);
     }
     
+    public void setLoginConfig(Configuration config) {
+        interceptor.setLoginConfig(config);
+    }
+    
     @Deprecated
     public void setRolePrefix(String name) {
         interceptor.setRolePrefix(name);

Modified: cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
Sun Jul 22 21:51:48 2012
@@ -25,6 +25,7 @@ import java.util.logging.Logger;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 import javax.ws.rs.WebApplicationException;
@@ -37,6 +38,7 @@ import org.apache.cxf.common.security.Si
 import org.apache.cxf.common.security.SimpleSecurityContext;
 import org.apache.cxf.common.util.Base64Exception;
 import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.jaxrs.ext.RequestHandler;
 import org.apache.cxf.jaxrs.model.ClassResourceInfo;
@@ -60,7 +62,8 @@ public class KerberosAuthenticationFilte
     
     private MessageContext messageContext;
     private CallbackHandler callbackHandler;
-    private String loginContextName;
+    private Configuration loginConfig;
+    private String loginContextName = "";
     private String servicePrincipalName;
     private String realm;
     
@@ -141,13 +144,17 @@ public class KerberosAuthenticationFilte
         
         // The login without a callback can work if
         // - Kerberos keytabs are used with a principal name set in the JAAS config
-        // - TGT cache is available and either a principalName is set in the JAAS config
-        //   or Kerberos is integrated into the OS logon process
+        // - Kerberos is integrated into the OS logon process
         //   meaning that a process which runs this code has the
         //   user identity  
         
-        LoginContext lc = callbackHandler != null 
-            ? new LoginContext(loginContextName, callbackHandler) : new LoginContext(loginContextName);
+        LoginContext lc = null;
+        if (!StringUtils.isEmpty(loginContextName) || loginConfig != null) {
+            lc = new LoginContext(loginContextName, null, callbackHandler, loginConfig);
+        } else {
+            LOG.fine("LoginContext can not be initialized");
+            throw new LoginException();
+        }
         lc.login();
         return lc.getSubject();
     }
@@ -234,4 +241,7 @@ public class KerberosAuthenticationFilte
             return context;
         }
     }
+    
+    
+
 }

Modified: cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java
Sun Jul 22 21:51:48 2012
@@ -65,6 +65,13 @@ public class MediaTypeHeaderProviderTest
     }
     
     @Test
+    public void testShortWildcardWithParameters3() {
+        MediaType m = MediaType.valueOf("*; q=.2");
+        assertEquals("Media type was not parsed correctly", 
+                     m, new MediaType("*", "*"));
+    }
+    
+    @Test
     public void testBadType() {
         try {
             new MediaTypeHeaderProvider().fromString("texthtml");

Modified: cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
Sun Jul 22 21:51:48 2012
@@ -25,10 +25,8 @@ import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 
@@ -36,6 +34,7 @@ import org.apache.cxf.common.logging.Log
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.ietf.jgss.GSSContext;
@@ -61,6 +60,7 @@ public abstract class AbstractSpnegoAuth
     private String servicePrincipalName;
     private String realm;
     private boolean credDelegation;
+    private Configuration loginConfig;
     
     public String getAuthorization(AuthorizationPolicy authPolicy,
                                    URL currentURL,
@@ -96,14 +96,23 @@ public abstract class AbstractSpnegoAuth
     private byte[] getToken(AuthorizationPolicy authPolicy,
                             final GSSContext context) throws GSSException,
         LoginException {
+        
+        String contextName = authPolicy.getAuthorization();
+        if (contextName == null) {
+            contextName = "";
+        }
+        
         final byte[] token = new byte[0];
 
-        if (authPolicy == null || StringUtils.isEmpty(authPolicy.getUserName())) {
+        if (authPolicy == null 
+            || (StringUtils.isEmpty(authPolicy.getUserName())
+                && StringUtils.isEmpty(contextName) && loginConfig == null))
{
             return context.initSecContext(token, 0, token.length);
         }
-
-        LoginContext lc = new LoginContext(authPolicy.getAuthorization(), getUsernamePasswordHandler(
-            authPolicy.getUserName(), authPolicy.getPassword()));
+        
+        CallbackHandler callbackHandler = getUsernamePasswordHandler(
+            authPolicy.getUserName(), authPolicy.getPassword());
+        LoginContext lc = new LoginContext(contextName, null, callbackHandler, loginConfig);
         lc.login();
         
         try {
@@ -188,26 +197,20 @@ public abstract class AbstractSpnegoAuth
         }
     }
     
-    public static CallbackHandler getUsernamePasswordHandler(final String username, final
String password) {
-        final CallbackHandler handler = new CallbackHandler() {
-
-            public void handle(final Callback[] callback) {
-                for (int i = 0; i < callback.length; i++) {
-                    if (callback[i] instanceof NameCallback) {
-                        final NameCallback nameCallback = (NameCallback) callback[i];
-                        nameCallback.setName(username);
-                    } else if (callback[i] instanceof PasswordCallback) {
-                        final PasswordCallback passCallback = (PasswordCallback) callback[i];
-                        passCallback.setPassword(password.toCharArray());
-                    }
-                }
-            }
-        };
-        return handler;
+    public CallbackHandler getUsernamePasswordHandler(final String username, final String
password) {
+        if (StringUtils.isEmpty(username)) {
+            return null;
+        } else {
+            return new NamePasswordCallbackHandler(username, password);
+        }
     }
 
     public void setCredDelegation(boolean delegation) {
         this.credDelegation = delegation;
     }
 
+    public void setLoginConfig(Configuration config) {
+        this.loginConfig = config;
+    }
+
 }

Modified: cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java
(original)
+++ cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java
Sun Jul 22 21:51:48 2012
@@ -19,11 +19,9 @@
 
 package org.apache.cxf.systest.jaxrs.security;
 
-import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
 
+import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler;
 import org.apache.cxf.jaxrs.JAXRSServerFactoryBean;
 import org.apache.cxf.jaxrs.lifecycle.SingletonResourceProvider;
 import org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter;
@@ -44,6 +42,8 @@ public class BookKerberosServer extends 
         KerberosAuthenticationFilter filter = new KerberosAuthenticationFilter();
         filter.setLoginContextName("KerberosServer");
         filter.setCallbackHandler(getCallbackHandler("HTTP/localhost", "http"));
+        //filter.setLoginContextName("KerberosServerKeyTab");
+        //filter.setServicePrincipalName("HTTP/ktab");
         sf.setProvider(filter);
         sf.setAddress("http://localhost:" + PORT + "/");
       
@@ -63,20 +63,6 @@ public class BookKerberosServer extends 
     }
     
     public static CallbackHandler getCallbackHandler(final String username, final String
password) {
-        final CallbackHandler handler = new CallbackHandler() {
-
-            public void handle(final Callback[] callback) {
-                for (int i = 0; i < callback.length; i++) {
-                    if (callback[i] instanceof NameCallback) {
-                        final NameCallback nameCallback = (NameCallback) callback[i];
-                        nameCallback.setName(username);
-                    } else if (callback[i] instanceof PasswordCallback) {
-                        final PasswordCallback passCallback = (PasswordCallback) callback[i];
-                        passCallback.setPassword(password.toCharArray());
-                    }
-                }
-            }
-        };
-        return handler;
+        return new NamePasswordCallbackHandler(username, password);
     }
 }

Modified: cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSKerberosBookTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSKerberosBookTest.java?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSKerberosBookTest.java
(original)
+++ cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSKerberosBookTest.java
Sun Jul 22 21:51:48 2012
@@ -90,4 +90,48 @@ public class JAXRSKerberosBookTest exten
         Book b = wc.get(Book.class);
         assertEquals(b.getId(), 123);
     }
+    
+    @Test
+    @Ignore
+    public void testGetBookWithInterceptorAndKeyTab() throws Exception {
+        WebClient wc = WebClient.create("http://localhost:" + PORT + "/bookstore/books/123");
+        
+        KerberosAuthOutInterceptor kbInterceptor = new KerberosAuthOutInterceptor();
+        
+        AuthorizationPolicy policy = new AuthorizationPolicy();
+        policy.setAuthorizationType(HttpAuthHeader.AUTH_TYPE_NEGOTIATE);
+        policy.setAuthorization("KerberosClientKeyTab");
+        
+        kbInterceptor.setPolicy(policy);
+        kbInterceptor.setCredDelegation(true);
+        
+        WebClient.getConfig(wc).getOutInterceptors().add(new LoggingOutInterceptor());
+        WebClient.getConfig(wc).getOutInterceptors().add(kbInterceptor);
+        
+        Book b = wc.get(Book.class);
+        assertEquals(b.getId(), 123);
+    }
+    
+    @Test
+    @Ignore
+    public void testGetBookWithInterceptorServiceKeyTab() throws Exception {
+        WebClient wc = WebClient.create("http://localhost:" + PORT + "/bookstore/books/123");
+        
+        KerberosAuthOutInterceptor kbInterceptor = new KerberosAuthOutInterceptor();
+        
+        AuthorizationPolicy policy = new AuthorizationPolicy();
+        policy.setAuthorizationType(HttpAuthHeader.AUTH_TYPE_NEGOTIATE);
+        policy.setAuthorization("KerberosClient");
+        policy.setUserName("alice");
+        policy.setPassword("alice");
+        
+        kbInterceptor.setPolicy(policy);
+        kbInterceptor.setServicePrincipalName("HTTP/ktab");
+        
+        WebClient.getConfig(wc).getOutInterceptors().add(new LoggingOutInterceptor());
+        WebClient.getConfig(wc).getOutInterceptors().add(kbInterceptor);
+        
+        Book b = wc.get(Book.class);
+        assertEquals(b.getId(), 123);
+    }
 }

Modified: cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/kerberos.cfg
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/kerberos.cfg?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/kerberos.cfg
(original)
+++ cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/kerberos.cfg
Sun Jul 22 21:51:48 2012
@@ -1,6 +1,22 @@
 KerberosClient {
     com.sun.security.auth.module.Krb5LoginModule required client=TRUE;
 };
+KerberosClientKeyTab {
+    com.sun.security.auth.module.Krb5LoginModule required
+    client=TRUE
+    refreshKrb5Config=true
+    useKeyTab=true
+    keyTab="/etc/bob.keytab"
+    principal="bob";
+};
 KerberosServer {
     com.sun.security.auth.module.Krb5LoginModule required storeKey=true;
 };
+KerberosServerKeyTab {
+    com.sun.security.auth.module.Krb5LoginModule required
+    storeKey=true
+    refreshKrb5Config=true
+    useKeyTab=true
+    keyTab="/etc/http.keytab"
+    principal="HTTP/ktab";
+};

Modified: cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml
(original)
+++ cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml
Sun Jul 22 21:51:48 2012
@@ -58,11 +58,43 @@ http://cxf.apache.org/schemas/jaxrs.xsd"
     </jaxrs:providers>
   </jaxrs:server>
   
+  <jaxrs:server address="/jaasConfig">
+    <jaxrs:serviceBeans>
+       <bean class="org.apache.cxf.systest.jaxrs.security.SecureBookStoreNoAnnotations"/>
+    </jaxrs:serviceBeans>		   
+    <jaxrs:inInterceptors>
+        <ref bean="authenticationInterceptorWithConfig"/>
+        <ref bean="authorizationInterceptor"/>
+    </jaxrs:inInterceptors>
+    
+    <jaxrs:outFaultInterceptors>
+        <bean class="org.apache.cxf.systest.jaxrs.security.SecurityOutFaultInterceptor"/>
+    </jaxrs:outFaultInterceptors>
+    
+  </jaxrs:server>
+  
+  <jaxrs:server address="/jaasConfigFilter">
+	    <jaxrs:serviceBeans>
+	       <bean class="org.apache.cxf.systest.jaxrs.security.SecureBookStoreNoAnnotations"/>
+	    </jaxrs:serviceBeans>		   
+	    <jaxrs:providers>
+	        <ref bean="authenticationFilterConfig"/>
+	        <ref bean="authorizationFilter"/>
+	    </jaxrs:providers>
+  </jaxrs:server>
+  
+  
   <bean id="authenticationInterceptor" class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
         <property name="contextName" value="BookLogin"/>
         <property name="rolePrefix" value="ROLE_"/>
   </bean>
   
+  <bean id="bookLoginConfig" class="org.apache.cxf.systest.jaxrs.security.BookLoginJaasConfiguration"/>
+  <bean id="authenticationInterceptorWithConfig" class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
+        <property name="loginConfig" ref="bookLoginConfig"/>
+        <property name="rolePrefix" value="ROLE_"/>
+  </bean>
+  
   <bean id="authorizationInterceptor" class="org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor">
         <property name="methodRolesMap" ref="rolesMap"/>
   </bean>
@@ -74,6 +106,11 @@ http://cxf.apache.org/schemas/jaxrs.xsd"
         <property name="redirectURI" value="/login.jsp"/>
   </bean>
   
+  <bean id="authenticationFilterConfig" class="org.apache.cxf.systest.jaxrs.security.JettyJAASFilter">
+        <property name="loginConfig" ref="bookLoginConfig"/>
+        <property name="rolePrefix" value="ROLE_"/>
+  </bean>
+  
   <bean id="authorizationFilter" class="org.apache.cxf.jaxrs.security.SimpleAuthorizingFilter">
         <property name="interceptor" ref="authorizationInterceptor"/>
   </bean>



Mime
View raw message