cxf-commits mailing list archives

From cohei...@apache.org
Subject [2/3] git commit: Add a way to enable credential delegation via a property
Date Fri, 08 Aug 2014 10:22:24 GMT
Add a way to enable credential delegation via a property

Conflicts:
	rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5bc0ba9a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5bc0ba9a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5bc0ba9a

Branch: refs/heads/2.7.x-fixes
Commit: 5bc0ba9a44e0f308b617042757e8258b303535e4
Parents: 6c27ad0
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Aug 8 11:16:35 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Aug 8 11:19:34 2014 +0100

----------------------------------------------------------------------
 .../cxf/ws/security/SecurityConstants.java      | 27 +++++++++++++++++++-
 .../cxf/ws/security/kerberos/KerberosUtils.java |  7 +++++
 2 files changed, 33 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/5bc0ba9a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index adc932d..b563c5d 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -201,6 +201,31 @@ public final class SecurityConstants {
     public static final String VALIDATE_SAML_SUBJECT_CONFIRMATION = 
         "ws-security.validate.saml.subject.conf";
     
+<<<<<<< HEAD
+=======
+    /**
+     * Whether to enable streaming WS-Security. If set to false (the default), the old DOM
+     * implementation is used. If set to true, the new streaming (StAX) implementation is
used.
+     */
+    public static final String ENABLE_STREAMING_SECURITY = 
+        "ws-security.enable.streaming";
+    
+    /**
+     * Whether to return the security error message to the client, and not one of the default
error
+     * QNames. The default is false.
+     */
+    public static final String RETURN_SECURITY_ERROR = "ws-security.return.security.error";
+    
+    /**
+     * Whether to use credential delegation or not in the KerberosClient. If this is set
to "true",
+     * then it tries to get a GSSCredential Object from the Message Context using the 
+     * DELEGATED_CREDENTIAL configuration tag below, and then use this to obtain a service
ticket.
+     * The default is "false".
+     */
+    public static final String KERBEROS_USE_CREDENTIAL_DELEGATION = 
+        "ws-security.kerberos.use.credential.delegation";
+    
+>>>>>>> e86ad8d... Add a way to enable credential delegation via a property
     //
     // Non-boolean WS-Security Configuration parameters
     //
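Review bot: Unresolved merge-conflict markers are committed on the added side of this hunk: `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> e86ad8d...` become lines of SecurityConstants.java, so the file will not compile as shown. The lines between the markers also add `ENABLE_STREAMING_SECURITY` and `RETURN_SECURITY_ERROR`, which the commit subject does not mention and which the second hunk does not add to `ALL_PROPERTIES`. They appear to have come along with the cherry-pick and probably do not belong on 2.7.x-fixes. The fix is to delete the three marker lines and keep only the constants intended for this branch, most likely just `KERBEROS_USE_CREDENTIAL_DELEGATION` and its Javadoc.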
@@ -565,7 +590,7 @@ public final class SecurityConstants {
             TOKEN, TOKEN_ID, SUBJECT_ROLE_CLASSIFIER, SUBJECT_ROLE_CLASSIFIER_TYPE, MUST_UNDERSTAND,
             ASYMMETRIC_SIGNATURE_ALGORITHM, ENABLE_SAML_ONE_TIME_USE_CACHE, SAML_ONE_TIME_USE_CACHE_INSTANCE,
             CACHE_IDENTIFIER, CACHE_ISSUED_TOKEN_IN_ENDPOINT, PREFER_WSMEX_OVER_STS_CLIENT_CONFIG,
-            DELEGATED_CREDENTIAL
+            DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION
         }));
         ALL_PROPERTIES = Collections.unmodifiableSet(s);
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/5bc0ba9a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
index 63a7287..42f4794 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
@@ -23,6 +23,7 @@ import javax.security.auth.callback.CallbackHandler;
 
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
 
 /**
@@ -48,9 +49,15 @@ public final class KerberosUtils {
                 getCallbackHandler(
                     message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER)
                 );
+            boolean useCredentialDelegation = 
+                MessageUtils.getContextualBoolean(message, 
+                                              SecurityConstants.KERBEROS_USE_CREDENTIAL_DELEGATION,

+                                              false);
+            
             client.setContextName(jaasContext);
             client.setServiceName(kerberosSpn);
             client.setCallbackHandler(callbackHandler);
+            client.setUseDelegatedCredential(useCredentialDelegation);
         }
         return client;
     }
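Review bot: Nothing in this hunk checks that a delegated credential is actually available when `useCredentialDelegation` is true; the flag goes straight to `client.setUseDelegatedCredential(useCredentialDelegation)`. Whether KerberosClient then fails or quietly falls back to a normal JAAS login is not visible here. It is worth confirming that it fails closed, or at least logs, when `DELEGATED_CREDENTIAL` is absent, because a silent fallback would obtain the service ticket under a different identity than the deployer intended. A short comment above the lookup would also help, e.g. `// Opt-in: when true, KerberosClient uses the GSSCredential stored under SecurityConstants.DELEGATED_CREDENTIAL`. The enclosing method begins before the hunk, so earlier validation may exist that is not shown.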

