cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject git commit: [CXF-5603] - The DefaultSecurityContext should use a supplied username to help find the User Principal
Date Tue, 11 Mar 2014 15:39:50 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 741754e03 -> 9251e70e5


[CXF-5603] - The DefaultSecurityContext should use a supplied username to help find the User
Principal


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9251e70e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9251e70e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9251e70e

Branch: refs/heads/master
Commit: 9251e70e5d449caf0c014f41ec98d019f0bafd2a
Parents: 741754e
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Mar 11 15:39:00 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Mar 11 15:39:00 2014 +0000

----------------------------------------------------------------------
 .../security/DefaultSecurityContext.java        | 26 +++++++++++++++++---
 .../security/JAASLoginInterceptor.java          |  6 ++---
 2 files changed, 25 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/9251e70e/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
b/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
index b0f6138..11934c4 100644
--- a/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
+++ b/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
@@ -41,7 +41,12 @@ public class DefaultSecurityContext implements LoginSecurityContext {
     private Subject subject; 
     
     public DefaultSecurityContext(Subject subject) {
-        this.p = findPrincipal(subject);
+        this.p = findPrincipal(null, subject);
+        this.subject = subject;
+    }
+    
+    public DefaultSecurityContext(String principalName, Subject subject) {
+        this.p = findPrincipal(principalName, subject);
         this.subject = subject;
     }
     
@@ -49,18 +54,31 @@ public class DefaultSecurityContext implements LoginSecurityContext {
         this.p = p;
         this.subject = subject;
         if (p == null) {
-            this.p = findPrincipal(subject);
+            this.p = findPrincipal(null, subject);
         }
     }
     
-    private static Principal findPrincipal(Subject subject) {
-        if (subject != null) {
+    private static Principal findPrincipal(String principalName, Subject subject) {
+        if (subject == null) {
+            return null;
+        }
+        
+        for (Principal principal : subject.getPrincipals()) {
+            if (!(principal instanceof Group) && (principalName == null 
+                || (principalName != null && principalName.equals(principal.getName()))))
{
+                return principal;
+            }
+        }
+        
+        // No match for the principalName. Just return first non-Group Principal
+        if (principalName != null) {
             for (Principal principal : subject.getPrincipals()) {
                 if (!(principal instanceof Group)) { 
                     return principal;
                 }
             }
         }
+        
         return null;
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/9251e70e/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
b/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
index 43d5f5e..928bc38 100644
--- a/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
+++ b/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
@@ -138,7 +138,7 @@ public class JAASLoginInterceptor extends AbstractPhaseInterceptor<Message>
{
             
             Subject subject = ctx.getSubject();
             
-            message.put(SecurityContext.class, createSecurityContext(subject)); 
+            message.put(SecurityContext.class, createSecurityContext(name, subject)); 
         } catch (LoginException ex) {
             String errorMessage = "Unauthorized : " + ex.getMessage();
             LOG.fine(errorMessage);
@@ -154,12 +154,12 @@ public class JAASLoginInterceptor extends AbstractPhaseInterceptor<Message>
{
         return new NamePasswordCallbackHandler(name, password);
     }
     
-    protected SecurityContext createSecurityContext(Subject subject) {
+    protected SecurityContext createSecurityContext(String name, Subject subject) {
         if (getRoleClassifier() != null) {
             return new RolePrefixSecurityContextImpl(subject, getRoleClassifier(),
                                                      getRoleClassifierType());
         } else {
-            return new DefaultSecurityContext(subject);
+            return new DefaultSecurityContext(name, subject);
         }
     }
 


Mime
View raw message