Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 65E10D233 for ; Fri, 20 Jul 2012 22:34:55 +0000 (UTC) Received: (qmail 88974 invoked by uid 500); 20 Jul 2012 22:34:55 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 88928 invoked by uid 500); 20 Jul 2012 22:34:55 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 88918 invoked by uid 99); 20 Jul 2012 22:34:55 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Jul 2012 22:34:55 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Jul 2012 22:34:52 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id D4F152388962; Fri, 20 Jul 2012 22:34:33 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1363997 - in /cxf/trunk: api/src/main/java/org/apache/cxf/common/security/ rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/ rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/ rt/transports/http/src/main/java/org/apach... Date: Fri, 20 Jul 2012 22:34:33 -0000 To: commits@cxf.apache.org 
From: sergeyb@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120720223433.D4F152388962@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: sergeyb Date: Fri Jul 20 22:34:32 2012 New Revision: 1363997 URL: http://svn.apache.org/viewvc?rev=1363997&view=rev Log: [CXF-4430] Few last Kerberos updates for now with support for JAAS Configuration, also reusing NamespacePasswordCallbackHandler which can handle servlet specific password callbacks Added: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java (with props) cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java (with props) Modified: cxf/trunk/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java cxf/trunk/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml Modified: cxf/trunk/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java URL: http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java?rev=1363997&r1=1363996&r2=1363997&view=diff ============================================================================== --- cxf/trunk/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java (original) +++ cxf/trunk/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java Fri Jul 20 22:34:32 2012 
@@ -23,11 +23,11 @@ import java.security.Principal; import org.apache.cxf.security.SecurityContext; public class SimpleSecurityContext implements SecurityContext { - private SimplePrincipal principal; + private Principal principal; public SimpleSecurityContext(String name) { this(new SimplePrincipal(name)); } - public SimpleSecurityContext(SimplePrincipal principal) { + public SimpleSecurityContext(Principal principal) { this.principal = principal; } Modified: cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java?rev=1363997&r1=1363996&r2=1363997&view=diff ============================================================================== --- cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java (original) +++ cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java Fri Jul 20 22:34:32 2012 @@ -23,6 +23,7 @@ import java.util.Arrays; import java.util.List; import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.Configuration; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; 
@@ -63,6 +64,10 @@ public class JAASAuthenticationFilter im interceptor.setContextName(name); } + public void setLoginConfig(Configuration config) { + interceptor.setLoginConfig(config); + } + @Deprecated public void setRolePrefix(String name) { interceptor.setRolePrefix(name); Modified: cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java?rev=1363997&r1=1363996&r2=1363997&view=diff ============================================================================== --- cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java (original) +++ cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java Fri Jul 20 22:34:32 2012 @@ -25,6 +25,7 @@ import java.util.logging.Logger; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.Configuration; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import javax.ws.rs.WebApplicationException; @@ -37,6 +38,7 @@ import org.apache.cxf.common.security.Si import org.apache.cxf.common.security.SimpleSecurityContext; import org.apache.cxf.common.util.Base64Exception; import org.apache.cxf.common.util.Base64Utility; +import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.jaxrs.ext.RequestHandler; import org.apache.cxf.jaxrs.model.ClassResourceInfo; @@ -60,7 +62,8 @@ public class KerberosAuthenticationFilte private MessageContext messageContext; private CallbackHandler callbackHandler; - private String loginContextName; + private Configuration loginConfig; + private String loginContextName = ""; private String servicePrincipalName; private String realm; 
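Review bot: The new `setLoginConfig(Configuration)` on JAASAuthenticationFilter has no Javadoc, so it does not say which JAAS configuration the filter authenticates against when the setter is never called or is passed null. The delegate `interceptor.setLoginConfig` is not visible in this hunk, so its behaviour should be confirmed before documenting. I would add a short comment such as `/** Sets the JAAS Configuration used to look up login modules for this filter; if unset, the interceptor's default lookup applies. */`.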
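Review bot: The `loginConfig` field added to KerberosAuthenticationFilter in the `-60,7 +62,8` hunk has no setter in any hunk shown for this file. Unless a setter exists outside the diff, the `loginConfig != null` test added further down can never be true, and the JAAS Configuration support is unreachable for this filter. Add `public void setLoginConfig(Configuration config) { this.loginConfig = config; }`, matching the setters this commit adds to JAASAuthenticationFilter and AbstractSpnegoAuthSupplier. The three blank lines appended at the end of the class may be where it was meant to go.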
@@ -146,8 +149,15 @@ public class KerberosAuthenticationFilte // meaning that a process which runs this code has the // user identity - LoginContext lc = callbackHandler != null - ? new LoginContext(loginContextName, callbackHandler) : new LoginContext(loginContextName); + LoginContext lc = null; + if (callbackHandler != null || loginConfig != null) { + lc = new LoginContext(loginContextName, null, callbackHandler, loginConfig); + } else if (!StringUtils.isEmpty(loginContextName)) { + lc = new LoginContext(loginContextName); + } else { + LOG.fine("LoginContext can not be initialized"); + throw new LoginException(); + } lc.login(); return lc.getSubject(); } @@ -234,4 +244,7 @@ public class KerberosAuthenticationFilte return context; } } + + + } Modified: cxf/trunk/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java?rev=1363997&r1=1363996&r2=1363997&view=diff ============================================================================== --- cxf/trunk/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java (original) +++ cxf/trunk/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java Fri Jul 20 22:34:32 2012 
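Review bot: With only `callbackHandler` set and `loginContextName` left at its new default `""`, the first branch builds `new LoginContext("", null, callbackHandler, null)`, which resolves against the installed JAAS configuration and, per the LoginContext contract, uses the `other` entry when no entry matches the name. Before this change the name defaulted to null, which as far as I can tell made the constructor fail immediately. The guard below restores that fail-closed behaviour unless a `Configuration` was supplied, and gives the `LoginException` a message instead of the bare `new LoginException()` that is only logged at FINE. The `contextName = ""` fallback in the AbstractSpnegoAuthSupplier `-101,9 +101,13` hunk has the same exposure when `loginConfig` is null. The enclosing method starts above this hunk.

```java
// … unchanged: impersonation comment …
if (loginConfig == null && StringUtils.isEmpty(loginContextName)) {
    // Neither a caller-supplied Configuration nor a context name: refuse instead of
    // letting the installed JAAS configuration resolve "" (and possibly "other").
    LOG.fine("LoginContext can not be initialized: no context name or Configuration");
    throw new LoginException("No JAAS login context name or Configuration is set");
}
LoginContext lc = callbackHandler != null || loginConfig != null
    ? new LoginContext(loginContextName, null, callbackHandler, loginConfig)
    : new LoginContext(loginContextName);
lc.login();
return lc.getSubject();
```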
@@ -65,6 +65,13 @@ public class MediaTypeHeaderProviderTest } @Test + public void testShortWildcardWithParameters3() { + MediaType m = MediaType.valueOf("*; q=.2"); + assertEquals("Media type was not parsed correctly", + m, new MediaType("*", "*")); + } + + @Test public void testBadType() { try { new MediaTypeHeaderProvider().fromString("texthtml"); Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java?rev=1363997&r1=1363996&r2=1363997&view=diff ============================================================================== --- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java (original) +++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java Fri Jul 20 22:34:32 2012 @@ -25,10 +25,8 @@ import java.util.logging.Level; import java.util.logging.Logger; import javax.security.auth.Subject; -import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.callback.NameCallback; -import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.login.Configuration; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; @@ -36,6 +34,7 @@ import org.apache.cxf.common.logging.Log import org.apache.cxf.common.util.Base64Utility; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.configuration.security.AuthorizationPolicy; +import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; import org.ietf.jgss.GSSContext; 
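Review bot: In `testShortWildcardWithParameters3` the arguments to `assertEquals` are swapped: the parsed value `m` is passed as the expected value and `new MediaType("*", "*")` as the actual, so a failure message would report them the wrong way round. I would write `assertEquals("Media type was not parsed correctly", new MediaType("*", "*"), m);`. The test also does not assert what happens to the `q=.2` parameter, so it would be worth stating in a comment whether the parameter is expected to be dropped or kept. This test looks unrelated to the Kerberos/JAAS change named in the log message.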
@@ -61,6 +60,7 @@ public abstract class AbstractSpnegoAuth private String servicePrincipalName; private String realm; private boolean credDelegation; + private Configuration loginConfig; public String getAuthorization(AuthorizationPolicy authPolicy, URL currentURL, @@ -101,9 +101,13 @@ public abstract class AbstractSpnegoAuth if (authPolicy == null || StringUtils.isEmpty(authPolicy.getUserName())) { return context.initSecContext(token, 0, token.length); } - - LoginContext lc = new LoginContext(authPolicy.getAuthorization(), getUsernamePasswordHandler( - authPolicy.getUserName(), authPolicy.getPassword())); + String contextName = authPolicy.getAuthorization(); + if (contextName == null) { + contextName = ""; + } + CallbackHandler callbackHandler = getUsernamePasswordHandler( + authPolicy.getUserName(), authPolicy.getPassword()); + LoginContext lc = new LoginContext(contextName, null, callbackHandler, loginConfig); lc.login(); try { 
@@ -188,26 +192,16 @@ public abstract class AbstractSpnegoAuth } } - public static CallbackHandler getUsernamePasswordHandler(final String username, final String password) { - final CallbackHandler handler = new CallbackHandler() { - - public void handle(final Callback[] callback) { - for (int i = 0; i < callback.length; i++) { - if (callback[i] instanceof NameCallback) { - final NameCallback nameCallback = (NameCallback) callback[i]; - nameCallback.setName(username); - } else if (callback[i] instanceof PasswordCallback) { - final PasswordCallback passCallback = (PasswordCallback) callback[i]; - passCallback.setPassword(password.toCharArray()); - } - } - } - }; - return handler; + public CallbackHandler getUsernamePasswordHandler(final String username, final String password) { + return new NamePasswordCallbackHandler(username, password); } public void setCredDelegation(boolean delegation) { this.credDelegation = delegation; } + public void setLoginConfig(Configuration config) { + this.loginConfig = config; + } + } Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java?rev=1363997&r1=1363996&r2=1363997&view=diff ============================================================================== --- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java (original) +++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java Fri Jul 20 22:34:32 2012 
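Review bot: `getUsernamePasswordHandler` changes from `public static` to a public instance method, which breaks any existing caller that invokes it as `AbstractSpnegoAuthSupplier.getUsernamePasswordHandler(user, pass)`. If the aim is to let subclasses supply their own handler, `protected` with a Javadoc line saying so would express that; otherwise keep the `static` modifier. The old anonymous handler dereferenced `password` unconditionally, and `NamePasswordCallbackHandler` is not visible here, so whether a null `authPolicy.getPassword()` is tolerated should be confirmed. The new `setLoginConfig` also lacks a comment saying that a null config means the installed JAAS configuration is used.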
@@ -19,11 +19,9 @@ package org.apache.cxf.systest.jaxrs.security; -import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.callback.NameCallback; -import javax.security.auth.callback.PasswordCallback; +import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler; import org.apache.cxf.jaxrs.JAXRSServerFactoryBean; import org.apache.cxf.jaxrs.lifecycle.SingletonResourceProvider; import org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter; @@ -63,20 +61,6 @@ public class BookKerberosServer extends } public static CallbackHandler getCallbackHandler(final String username, final String password) { - final CallbackHandler handler = new CallbackHandler() { - - public void handle(final Callback[] callback) { - for (int i = 0; i < callback.length; i++) { - if (callback[i] instanceof NameCallback) { - final NameCallback nameCallback = (NameCallback) callback[i]; - nameCallback.setName(username); - } else if (callback[i] instanceof PasswordCallback) { - final PasswordCallback passCallback = (PasswordCallback) callback[i]; - passCallback.setPassword(password.toCharArray()); - } - } - } - }; - return handler; + return new NamePasswordCallbackHandler(username, password); } } Added: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java?rev=1363997&view=auto ============================================================================== --- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java (added) +++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java Fri Jul 20 22:34:32 2012 
@@ -0,0 +1,36 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.jaxrs.security; + +import java.util.Collections; + +import javax.security.auth.login.AppConfigurationEntry; +import javax.security.auth.login.Configuration; + +public class BookLoginJaasConfiguration extends Configuration { + public AppConfigurationEntry[] getAppConfigurationEntry(String name) { + return new AppConfigurationEntry[] { + new AppConfigurationEntry(BookLoginModule.class.getName(), + AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, + Collections.emptyMap()) + }; + } +} + + Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java ------------------------------------------------------------------------------ svn:keywords = Rev Date Added: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java URL: 
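Review bot: `BookLoginJaasConfiguration.getAppConfigurationEntry` ignores its `name` argument and returns the `BookLoginModule` entry for every context name, and the class carries no comment saying so. That is convenient for the system tests, but it should be documented so the class is not copied as a template for a real deployment, where an unknown context name should return null. I would add `@Override` and a class comment along the lines of `/** Test-only JAAS Configuration: answers every context name with a single REQUIRED BookLoginModule entry. */`.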
http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java?rev=1363997&view=auto ============================================================================== --- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java (added) +++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java Fri Jul 20 22:34:32 2012 
@@ -0,0 +1,77 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.jaxrs.security; + +import javax.ws.rs.core.HttpHeaders; +import javax.ws.rs.core.Response; + +import org.apache.cxf.jaxrs.client.WebClient; + +import org.junit.BeforeClass; +import org.junit.Test; + +public class JAXRSJaasConfigurationSecurityTest extends AbstractSpringSecurityTest { + public static final int PORT = BookServerJaasSecurity.PORT; + + @BeforeClass + public static void startServers() throws Exception { + assertTrue("server did not launch correctly", + launchServer(BookServerJaasSecurity.class, + true)); + } + + @Test + public void testJaasInterceptorAuthenticationFailure() throws Exception { + String endpointAddress = + "http://localhost:" + PORT + "/service/jaasConfig/bookstorestorage/thosebooks/123"; + getBook(endpointAddress, "foo", "bar1", 401); + } + + @Test + public void testGetBookUserAdminJaasInterceptor() throws Exception { + String endpointAddress = + "http://localhost:" + PORT + "/service/jaasConfig/bookstorestorage/thosebooks/123"; + getBook(endpointAddress, "foo", "bar", 403); + getBook(endpointAddress, "bob", "bobspassword", 200); + } + + @Test + public void 
testJaasFilterAuthenticationFailure() throws Exception { + String endpointAddress = + "http://localhost:" + PORT + "/service/jaasConfigFilter/bookstorestorage/thosebooks/123"; + WebClient wc = WebClient.create(endpointAddress); + wc.accept("text/xml"); + wc.header(HttpHeaders.AUTHORIZATION, + "Basic " + base64Encode("foo" + ":" + "bar1")); + Response r = wc.get(); + assertEquals(401, r.getStatus()); + Object wwwAuthHeader = r.getMetadata().getFirst(HttpHeaders.WWW_AUTHENTICATE); + assertNotNull(wwwAuthHeader); + assertEquals("Basic", wwwAuthHeader.toString()); + } + + @Test + public void testGetBookUserAdminJaasFilter() throws Exception { + String endpointAddress = + "http://localhost:" + PORT + "/service/jaasConfigFilter/bookstorestorage/thosebooks/123"; + getBook(endpointAddress, "foo", "bar", 403); + getBook(endpointAddress, "bob", "bobspassword", 200); + } +} Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java ------------------------------------------------------------------------------ svn:keywords = Rev Date Modified: cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml?rev=1363997&r1=1363996&r2=1363997&view=diff ============================================================================== --- cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml (original) +++ cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml Fri Jul 20 22:34:32 2012 
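Review bot: Both failure tests only send a wrong password (`bar1`); nothing covers a request that has no `Authorization` header at all, or one with a malformed value. That is usually a separate path in a filter that builds the 401 challenge. A case that calls `wc.get()` without setting the header and asserts status 401 plus a non-null `WWW-Authenticate` would pin it for the new `jaasConfig` and `jaasConfigFilter` endpoints. The `getBook` helper comes from the superclass outside this hunk, so its own coverage of that case should be checked first.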
@@ -58,11 +58,43 @@ http://cxf.apache.org/schemas/jaxrs.xsd" + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -74,6 +106,11 @@ http://cxf.apache.org/schemas/jaxrs.xsd" + + + + +