cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ashaki...@apache.org
Subject svn commit: r1503170 - in /cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security: SecurityConstants.java wss4j/WSS4JInInterceptor.java
Date Mon, 15 Jul 2013 10:45:30 GMT
Author: ashakirin
Date: Mon Jul 15 10:45:30 2013
New Revision: 1503170

URL: http://svn.apache.org/r1503170
Log:
Backport of [CXF-5126]: fixing Creation of SecurityContext from JAAS Subject for Kerberos

Modified:
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1503170&r1=1503169&r2=1503170&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Mon Jul 15 10:45:30 2013
@@ -447,6 +447,13 @@ public final class SecurityConstants {
      */
     public static final String MUST_UNDERSTAND = "ws-security.must-understand";
 
+    /**
+     * Set this to "false" if security context must not be created from JAAS Subject.
+     *
+     * The default value is "true".
+     */
+    public static final String SC_FROM_JAAS_SUBJECT = "ws-security.sc.jaas-subject";
+
     //
     // Internal tags
     //

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1503170&r1=1503169&r2=1503170&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Mon Jul 15 10:45:30 2013
@@ -34,6 +34,7 @@ import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.kerberos.KerberosPrincipal;
 import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
@@ -478,7 +479,9 @@ public class WSS4JInInterceptor extends 
             }
             final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
             final Subject subject = (Subject)o.get(WSSecurityEngineResult.TAG_SUBJECT);
-            if (subject != null) {
+            final boolean useJAASSubject = MessageUtils
+                .getContextualBoolean(msg, SecurityConstants.SC_FROM_JAAS_SUBJECT, true);
+            if ((subject != null) && !(p instanceof KerberosPrincipal) &&
useJAASSubject) {
                 String roleClassifier = 
                     (String)msg.getContextualProperty(SecurityConstants.SUBJECT_ROLE_CLASSIFIER);
                 if (roleClassifier != null && !"".equals(roleClassifier)) {



Mime
View raw message