cxf-commits mailing list archives

From cohei...@apache.org
Subject git commit: [CXF-5748] - Improve WS-Security Kerberos configuration
Date Mon, 19 May 2014 11:48:09 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 1091ca3db -> 10969ab68


[CXF-5748] - Improve WS-Security Kerberos configuration


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/10969ab6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/10969ab6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/10969ab6

Branch: refs/heads/master
Commit: 10969ab68f7f566b88de158bf78f3b9e51384776
Parents: 1091ca3
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon May 19 12:47:43 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon May 19 12:47:43 2014 +0100

----------------------------------------------------------------------
 .../cxf/ws/security/SecurityConstants.java      |  4 +--
 .../cxf/ws/security/kerberos/KerberosUtils.java | 30 +++++++++++++++++++
 .../systest/ws/kerberos/KerberosTokenTest.java  | 31 ++++++++++++++++++++
 .../systest/ws/kerberos/DoubleItKerberos.wsdl   |  3 ++
 .../apache/cxf/systest/ws/kerberos/client.xml   |  6 ++++
 .../apache/cxf/systest/ws/kerberos/server.xml   |  6 ++++
 .../cxf/systest/ws/kerberos/stax-server.xml     |  6 ++++
 7 files changed, 84 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/10969ab6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index d9dc87c..993c0c0 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -256,12 +256,12 @@ public final class SecurityConstants {
     public static final String SPNEGO_CLIENT_ACTION = "ws-security.spnego.client.action";
     
     /**
-     * The JAAS Context name to use for Kerberos. This is currently only supported for SPNEGO.
+     * The JAAS Context name to use for Kerberos.
      */
     public static final String KERBEROS_JAAS_CONTEXT_NAME = "ws-security.kerberos.jaas.context";
     
     /**
-     * The Kerberos Service Provider Name (spn) to use. This is currently only supported
for SPNEGO.
+     * The Kerberos Service Provider Name (spn) to use.
      */
     public static final String KERBEROS_SPN = "ws-security.kerberos.spn";
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/10969ab6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
index cbd253a..63a7287 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
@@ -19,6 +19,9 @@
 
 package org.apache.cxf.ws.security.kerberos;
 
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.security.SecurityConstants;
 
@@ -36,8 +39,35 @@ public final class KerberosUtils {
             .getContextualProperty(SecurityConstants.KERBEROS_CLIENT);
         if (client == null) {
             client = new KerberosClient();
+            
+            String jaasContext = 
+                (String)message.getContextualProperty(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME);
+            String kerberosSpn = 
+                (String)message.getContextualProperty(SecurityConstants.KERBEROS_SPN);
+            CallbackHandler callbackHandler = 
+                getCallbackHandler(
+                    message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER)
+                );
+            client.setContextName(jaasContext);
+            client.setServiceName(kerberosSpn);
+            client.setCallbackHandler(callbackHandler);
         }
         return client;
     }
     
+    private static CallbackHandler getCallbackHandler(Object o) {
+        CallbackHandler handler = null;
+        if (o instanceof CallbackHandler) {
+            handler = (CallbackHandler)o;
+        } else if (o instanceof String) {
+            try {
+                handler = (CallbackHandler)ClassLoaderUtils.loadClass((String)o, 
+                                                                      KerberosUtils.class).newInstance();
+            } catch (Exception e) {
+                handler = null;
+            }
+        }
+        return handler;
+    }
+    
 }
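Review bot: The `catch (Exception e)` in `getCallbackHandler` sets the handler to null and discards the exception, so a mistyped or unloadable class name under `SecurityConstants.CALLBACK_HANDLER` leaves the new KerberosClient without a callback handler and gives no hint why the later JAAS login fails or behaves differently. Failing at configuration time would be safer, e.g. `throw new IllegalArgumentException("Cannot create CallbackHandler from " + o, e);`, or at the very least the exception should be logged at warning level. The cast to CallbackHandler also happens only after `newInstance()`, so a class of the wrong type is still constructed before it is rejected; checking `CallbackHandler.class.isAssignableFrom(...)` on the loaded class first avoids that. Separately, `setContextName`, `setServiceName` and `setCallbackHandler` are called even when the properties are unset (null), which is only harmless if KerberosClient has no defaults to overwrite, so that is worth confirming. The enclosing getClient method starts outside the hunk.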

http://git-wip-us.apache.org/repos/asf/cxf/blob/10969ab6/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
index c9c6a4b..29d112c 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
@@ -133,6 +133,37 @@ public class KerberosTokenTest extends AbstractBusClientServerTestBase
{
     }
     
     @org.junit.Test
+    public void testKerberosOverTransportDifferentConfiguration() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = KerberosTokenTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = KerberosTokenTest.class.getResource("DoubleItKerberos.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItKerberosTransportPort2");
+        DoubleItPortType kerberosPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        String portNumber = PORT2;
+        if (STAX_PORT.equals(test.getPort())) {
+            portNumber = STAX_PORT2;
+        }
+        updateAddressPort(kerberosPort, portNumber);
+        
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(kerberosPort);
+        }
+        
+        kerberosPort.doubleIt(25);
+        
+        ((java.io.Closeable)kerberosPort).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testKerberosOverSymmetric() throws Exception {
         
         if (!unrestrictedPoliciesInstalled) {
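Review bot: `((java.io.Closeable)kerberosPort).close()` and `bus.shutdown(true)` at the end of `testKerberosOverTransportDifferentConfiguration` are skipped when `doubleIt(25)` throws, which leaves this bus installed as the default and thread-default bus for whatever test runs next. Wrapping the invocation in `try { ... } finally { ... }` with both cleanup calls in the finally block keeps a Kerberos failure here from leaking state into the other tests. The return value of `doubleIt(25)` is also discarded, so the test only shows that the call did not throw; asserting the result would make it slightly stronger, assuming the port returns the doubled value as its name suggests. The next test method, testKerberosOverSymmetric, continues outside the hunk.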

http://git-wip-us.apache.org/repos/asf/cxf/blob/10969ab6/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl
index 24739ee..86f24b5 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl
@@ -255,6 +255,9 @@
         <wsdl:port name="DoubleItKerberosTransportPort" binding="tns:DoubleItKerberosTransportBinding">
             <soap:address location="https://localhost:9009/DoubleItKerberosTransport"/>
         </wsdl:port>
+        <wsdl:port name="DoubleItKerberosTransportPort2" binding="tns:DoubleItKerberosTransportBinding">
+            <soap:address location="https://localhost:9009/DoubleItKerberosTransport2"/>
+        </wsdl:port>
         <wsdl:port name="DoubleItKerberosSymmetricPort" binding="tns:DoubleItKerberosSymmetricBinding">
             <soap:address location="http://localhost:9001/DoubleItKerberosSymmetric"/>
         </wsdl:port>

http://git-wip-us.apache.org/repos/asf/cxf/blob/10969ab6/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client.xml
index 05a0c4c..8d276c3 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client.xml
@@ -46,6 +46,12 @@
             </entry>
         </jaxws:properties>
     </jaxws:client>
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItKerberosTransportPort2"
createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.kerberos.jaas.context" value="alice" />
+            <entry key="ws-security.kerberos.spn" value="bob@service.ws.apache.org" />
+        </jaxws:properties>
+    </jaxws:client>
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricPort"
createdFromAPI="true">
         <jaxws:properties>
             <entry key="ws-security.encryption.properties" value="bob.properties"/>

http://git-wip-us.apache.org/repos/asf/cxf/blob/10969ab6/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server.xml
index a79b12f..7f3c5a0 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server.xml
@@ -60,6 +60,12 @@
             <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/>
         </jaxws:properties>
     </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="KerberosOverTransport2"
address="https://localhost:${testutil.ports.Server.2}/DoubleItKerberosTransport2" serviceName="s:DoubleItService"
endpointName="s:DoubleItKerberosTransportPort2" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
wsdlLocation="org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl" depends-on="tls-settings">
+        <jaxws:properties>
+            <entry key="ws-security.is-bsp-compliant" value="false"/>
+            <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="KerberosOverSymmetric"
address="http://localhost:${testutil.ports.Server}/DoubleItKerberosSymmetric" serviceName="s:DoubleItService"
endpointName="s:DoubleItKerberosSymmetricPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
wsdlLocation="org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl">
         <jaxws:properties>
             <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>

http://git-wip-us.apache.org/repos/asf/cxf/blob/10969ab6/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/stax-server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/stax-server.xml
index 9969a75..8e33118 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/stax-server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/stax-server.xml
@@ -56,6 +56,12 @@
             <entry key="ws-security.enable.streaming" value="true"/>
         </jaxws:properties>
     </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="KerberosOverTransport2"
address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItKerberosTransport2" serviceName="s:DoubleItService"
endpointName="s:DoubleItKerberosTransportPort2" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
wsdlLocation="org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl" depends-on="tls-settings">
+        <jaxws:properties>
+            <entry key="ws-security.is-bsp-compliant" value="false"/>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="KerberosOverSymmetric"
address="http://localhost:${testutil.ports.StaxServer}/DoubleItKerberosSymmetric" serviceName="s:DoubleItService"
endpointName="s:DoubleItKerberosSymmetricPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
wsdlLocation="org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl">
         <jaxws:properties>
             <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.kerberos.KerberosPasswordCallback"/>

