From cohei...@apache.org
Subject git commit: Decoupled the AuthPolicyValidatingInterceptor from the STSTokenValidator. Also create a security context with the principal
Date Wed, 05 Mar 2014 12:41:24 GMT
Repository: cxf
Updated Branches:
  refs/heads/master b218997b9 -> 26d332eb2


Decoupled the AuthPolicyValidatingInterceptor from the STSTokenValidator. Also create a security
context with the principal


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/26d332eb
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/26d332eb
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/26d332eb

Branch: refs/heads/master
Commit: 26d332eb2909281152d7ed8232cb7e5c6469ca0c
Parents: b218997
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Mar 5 12:27:35 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Mar 5 12:35:13 2014 +0000

----------------------------------------------------------------------
 .../trust/AuthPolicyValidatingInterceptor.java  | 47 +++++++++++++++-----
 .../ws/security/trust/STSTokenValidator.java    |  3 +-
 .../sts/basic_auth/JaxrsBasicAuthTest.java      | 13 +++++-
 3 files changed, 49 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/26d332eb/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java
index e457739..ac1f6a6 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java
@@ -18,31 +18,33 @@
  */
 package org.apache.cxf.ws.security.trust;
 
+import java.security.Principal;
 import java.util.ResourceBundle;
 import java.util.logging.Logger;
 
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-
 import org.w3c.dom.Document;
-
 import org.apache.cxf.common.i18n.BundleUtils;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl;
 import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.message.token.UsernameToken;
 import org.apache.wss4j.dom.validate.Credential;
+import org.apache.wss4j.dom.validate.Validator;
 
 public class AuthPolicyValidatingInterceptor extends AbstractPhaseInterceptor<Message>
{
 
     private static final ResourceBundle BUNDLE = BundleUtils.getBundle(AuthPolicyValidatingInterceptor.class);
     private static final Logger LOG = LogUtils.getL7dLogger(AuthPolicyValidatingInterceptor.class);
     
-    private STSTokenValidator validator;
+    private Validator validator;
     
     public AuthPolicyValidatingInterceptor() {
         this(Phase.UNMARSHAL);
@@ -74,7 +76,20 @@ public class AuthPolicyValidatingInterceptor extends AbstractPhaseInterceptor<Me
             UsernameToken token = convertPolicyToToken(policy);
             Credential credential = new Credential();
             credential.setUsernametoken(token);
-            validator.validateWithSTS(credential, message);
+            
+            RequestData data = new RequestData();
+            data.setMsgContext(message);
+            credential = validator.validate(credential, data);
+            
+            // Create a Principal/SecurityContext
+            Principal p = null;
+            if (credential != null && credential.getPrincipal() != null) {
+                p = credential.getPrincipal();
+            } else {
+                p = new WSUsernameTokenPrincipalImpl(policy.getUserName(), false);
+                ((WSUsernameTokenPrincipalImpl)p).setPassword(policy.getPassword());
+            }
+            message.put(SecurityContext.class, createSecurityContext(p));
         } catch (Exception ex) {
             throw new Fault(ex);
         }
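Review bot: A null return from `validator.validate(credential, data)` is treated as success here, because the `else` branch covers both `credential == null` and a credential without a principal, and in either case builds a `WSUsernameTokenPrincipalImpl` from `policy.getUserName()` and installs it as the message's `SecurityContext`. Now that the field accepts any `Validator`, it would be safer to fail closed before the principal is chosen, e.g. `if (credential == null) { throw new SecurityException("Validator returned no credential"); }`, which the existing `catch (Exception ex)` turns into a `Fault`. The fallback also copies the cleartext password onto the principal with `setPassword(policy.getPassword())`, so any code that later reads the principal from the `SecurityContext` can read the password; I would drop that line unless a downstream consumer is known to need it. The enclosing method starts and ends outside this hunk.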
@@ -83,18 +98,28 @@ public class AuthPolicyValidatingInterceptor extends AbstractPhaseInterceptor<Me
     protected UsernameToken convertPolicyToToken(AuthorizationPolicy policy) 
         throws Exception {
 
-        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-        DocumentBuilder builder = factory.newDocumentBuilder();
-        Document doc = builder.newDocument();
-        
+        Document doc = DOMUtils.createDocument();
         UsernameToken token = new UsernameToken(false, doc, 
                                                 WSConstants.PASSWORD_TEXT);
         token.setName(policy.getUserName());
         token.setPassword(policy.getPassword());
         return token;
     }
+    
+    protected SecurityContext createSecurityContext(final Principal p) {
+        return new SecurityContext() {
+
+            public Principal getUserPrincipal() {
+                return p;
+            }
+
+            public boolean isUserInRole(String arg0) {
+                return false;
+            }
+        };
+    }
 
-    public void setValidator(STSTokenValidator validator) {
+    public void setValidator(Validator validator) {
         this.validator = validator;
     }
     
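Review bot: The new `createSecurityContext` returns a context whose `isUserInRole` always answers `false`, and nothing in the hunk documents that. Any role-based check that consults this `SecurityContext` would presumably reject the authenticated user, which is surprising for a caller who only sees that a principal is present. I would add a Javadoc comment on the method such as `/** Wraps the principal in a SecurityContext that carries no role information; override to supply roles. */` and rename the parameter `arg0` to `role`. The class body continues outside the hunk.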

http://git-wip-us.apache.org/repos/asf/cxf/blob/26d332eb/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
index 6dfd3b4..bf0d328 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
@@ -23,7 +23,6 @@ import java.util.Arrays;
 import java.util.List;
 import org.w3c.dom.Element;
 
-import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.service.model.EndpointInfo;
@@ -61,7 +60,7 @@ public class STSTokenValidator implements Validator {
             return credential;
         }
         
-        return validateWithSTS(credential, (SoapMessage)data.getMsgContext());
+        return validateWithSTS(credential, (Message)data.getMsgContext());
     }
     
     public Credential validateWithSTS(Credential credential, Message message) throws WSSecurityException
{
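Review bot: The cast `(Message)data.getMsgContext()` is unchecked, so a `RequestData` whose message context is some other type fails with a `ClassCastException`, and a null context is passed straight into `validateWithSTS`. Since `validate` is now called by code other than the SOAP path, a guard such as `if (!(data.getMsgContext() instanceof Message))` that throws a `WSSecurityException` would turn both cases into a clean validation failure. Whether `validateWithSTS` handles a null message itself is not visible here, as its body lies outside the hunk.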

http://git-wip-us.apache.org/repos/asf/cxf/blob/26d332eb/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/JaxrsBasicAuthTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/JaxrsBasicAuthTest.java
b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/JaxrsBasicAuthTest.java
index 7d8df4a..d55f47a 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/JaxrsBasicAuthTest.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/JaxrsBasicAuthTest.java
@@ -71,13 +71,24 @@ public class JaxrsBasicAuthTest extends AbstractBusClientServerTestBase
{
 
         doubleIt("alice", "trombon", true);
     }
+    
+    @org.junit.Test
+    public void testNoBasicAuth() throws Exception {
+
+        doubleIt(null, null, true);
+    }
 
     private static void doubleIt(String username, String password, boolean authFailureExpected)
{
         final String configLocation = "org/apache/cxf/systest/sts/basic_auth/cxf-client.xml";
         final String address = "https://localhost:" + PORT + "/doubleit/services/doubleit-rs";
         final int numToDouble = 25;  
        
-        WebClient client = WebClient.create(address, username, password, configLocation);
+        WebClient client = null;
+        if (username != null && password != null) {
+            client = WebClient.create(address, username, password, configLocation);
+        } else {
+            client = WebClient.create(address, configLocation);
+        }
         client.type("text/plain").accept("text/plain");
         try {
             int resp = client.post(numToDouble, Integer.class);
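Review bot: The condition `username != null && password != null` sends a call with only one of the two arguments null down the unauthenticated branch, so a later test such as `doubleIt("alice", null, true)` would exercise the no-credentials case rather than the missing-password case it appears to describe. I would either document this on `doubleIt` with a comment like `// both null => client without basic auth; a single null is not supported` or reject the mixed case explicitly. The added `testNoBasicAuth` covers the missing-header path only; nothing in this hunk asserts the principal that the interceptor now places in the `SecurityContext`. The body of `doubleIt` continues outside the hunk.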

