cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r1443132 - in /cxf/trunk: rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java
Date Wed, 06 Feb 2013 19:04:24 GMT
Author: dkulp
Date: Wed Feb  6 19:04:24 2013
New Revision: 1443132

URL: http://svn.apache.org/viewvc?rev=1443132&view=rev
Log:
[CXF-4815] Only return the auth creds once

Modified:
    cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java

Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java?rev=1443132&r1=1443131&r2=1443132&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java
(original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java
Wed Feb  6 19:04:24 2013
@@ -97,10 +97,18 @@ public class CXFAuthenticator extends Au
                     }
                 } else if (getRequestorType() == RequestorType.SERVER
                     && httpConduit.getAuthorization() != null) {
+                    
+                    if (m.containsKey(PasswordAuthentication.class.getName())
+                        && ("basic".equals(getRequestingScheme())
+                            || "digest".equals(getRequestingScheme()))) {
+                        return null;
+                    }
+                    
                     String un = httpConduit.getAuthorization().getUserName();
                     String pwd =  httpConduit.getAuthorization().getPassword();
                     if (un != null && pwd != null) {
                         auth = new PasswordAuthentication(un, pwd.toCharArray());
+                        m.put(PasswordAuthentication.class.getName(), Boolean.TRUE);
                     }
                 }
             }

Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java?rev=1443132&r1=1443131&r2=1443132&view=diff
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java
(original)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasSecurityTest.java
Wed Feb  6 19:04:24 2013
@@ -24,6 +24,7 @@ import java.util.Collections;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
 
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
 import org.apache.cxf.jaxrs.client.WebClient;
 
 import org.junit.BeforeClass;
@@ -64,9 +65,15 @@ public class JAXRSJaasSecurityTest exten
         String endpointAddress =
             "http://localhost:" + PORT + "/service/jaas2/bookstorestorage/thosebooks/123";

         WebClient wc = WebClient.create(endpointAddress);
+        AuthorizationPolicy pol = new AuthorizationPolicy();
+        pol.setUserName("foo");
+        pol.setPassword("bar1");
+        WebClient.getConfig(wc).getHttpConduit().setAuthorization(pol);
+        
         wc.accept("text/xml");
-        wc.header(HttpHeaders.AUTHORIZATION, 
-                  "Basic " + base64Encode("foo" + ":" + "bar1"));
+        
+        //wc.header(HttpHeaders.AUTHORIZATION, 
+        //          "Basic " + base64Encode("foo" + ":" + "bar1"));
         Response r = wc.get();
         assertEquals(401, r.getStatus());
         Object wwwAuthHeader = r.getMetadata().getFirst(HttpHeaders.WWW_AUTHENTICATE);



Mime
View raw message