From: coheigea@apache.org
To: commits@cxf.apache.org
Message-Id:
X-Mailer: ASF-Git Admin Mailer
Subject: cxf git commit: Use principal from the validation process if available
Date: Tue, 16 Dec 2014 14:24:31 +0000 (UTC)
Repository: cxf
Updated Branches:
 refs/heads/3.0.x-fixes 6057b95ed -> 0ef8f352e
Use principal from the validation process if available
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0ef8f352
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0ef8f352
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0ef8f352
Branch: refs/heads/3.0.x-fixes
Commit: 0ef8f352e25ca1a15754a34af948a49ffc7e1fbc
Parents: 6057b95
Author: Colm O hEigeartaigh
Authored: Tue Dec 16 13:54:54 2014 +0000
Committer: Colm O hEigeartaigh
Committed: Tue Dec 16 14:16:43 2014 +0000
----------------------------------------------------------------------
 .../cxf/sts/token/validator/SAMLTokenValidator.java | 13 ++++++++-----
 .../sts/token/validator/UsernameTokenValidator.java | 16 ++++++++++------
 .../cxf/sts/token/validator/X509TokenValidator.java | 7 ++++++-
 3 files changed, 24 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/0ef8f352/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
index 823e379..bd31688 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
@@ -44,7 +44,6 @@ import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.principal.SAMLTokenPrincipal;
 import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl;
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SAMLUtil;
@@ -151,9 +150,6 @@ public class SAMLTokenValidator implements TokenValidator {
 Element validateTargetElement = (Element)validateTarget.getToken();
 SamlAssertionWrapper assertion = new SamlAssertionWrapper(validateTargetElement);
- SAMLTokenPrincipal samlPrincipal = new SAMLTokenPrincipalImpl(assertion);
- response.setPrincipal(samlPrincipal);
-
 if (!assertion.isSigned()) {
 LOG.log(Level.WARNING, "The received assertion is not signed, and therefore not trusted");
 return response;
@@ -193,6 +189,7 @@ public class SAMLTokenValidator implements TokenValidator {
 secToken = null;
 }
+ Principal principal = null;
 if (secToken == null) {
 // Validate the assertion against schemas/profiles
 validateAssertion(assertion);
@@ -203,6 +200,7 @@ public class SAMLTokenValidator implements TokenValidator {
 trustCredential.setCertificates(samlKeyInfo.getCerts());
 trustCredential = validator.validate(trustCredential, requestData);
+ principal = trustCredential.getPrincipal();
 // Finally check that subject DN of the signing certificate matches a known constraint
 X509Certificate cert = null;
@@ -215,10 +213,14 @@ public class SAMLTokenValidator implements TokenValidator {
 }
 }
+ if (principal == null) {
+ principal = new SAMLTokenPrincipalImpl(assertion);
+ }
+
 // Parse roles from the validated token
 if (samlRoleParser != null) {
 Set roles =
- samlRoleParser.parseRolesFromAssertion(samlPrincipal, null, assertion);
+ samlRoleParser.parseRolesFromAssertion(principal, null, assertion);
 response.setRoles(roles);
 }
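Review bot: Removing the early `response.setPrincipal(samlPrincipal)` means the `return response` taken when `assertion.isSigned()` is false now hands back a response with no principal at all, where the previous code returned one built from the still-unvalidated assertion. That is arguably the safer outcome for an untrusted token, but any caller that reads `getPrincipal()` from a response whose state is not VALID (none is visible in this hunk) would see a behaviour change, so a one-line comment at the early return, `// not trusted: no principal is set on the response`, would make the intent explicit. The enclosing method starts and ends outside this hunk.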
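Review bot: The role parser call `samlRoleParser.parseRolesFromAssertion(principal, null, assertion)` now receives whatever Principal the configured Validator attached to the Credential, and the assertion-derived `SAMLTokenPrincipalImpl` is only used as a fallback when the validator returned none; previously the parser was always given a `SAMLTokenPrincipalImpl`. A role parser implementation that downcasts its first argument to `SAMLTokenPrincipal` (none is visible here, so this is inferred) would start failing with a `ClassCastException`, which the `catch (WSSecurityException ex)` further down this file would not handle. Worth either documenting on the role parser contract that the principal may be any `java.security.Principal`, or noting it inline above the call: `// principal may come from the Validator and need not be a SAMLTokenPrincipal`. The enclosing method continues outside this hunk.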
@@ -254,6 +256,7 @@ public class SAMLTokenValidator implements TokenValidator {
 Map addProps = new HashMap();
 addProps.put(SamlAssertionWrapper.class.getName(), assertion);
 response.setAdditionalProperties(addProps);
+ response.setPrincipal(principal);
 validateTarget.setState(STATE.VALID);
 } catch (WSSecurityException ex) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/0ef8f352/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
index a8a175a..317d698 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
@@ -188,16 +188,20 @@ public class UsernameTokenValidator implements TokenValidator {
 }
 }
+ Principal principal = null;
 if (secToken == null) {
 Credential credential = new Credential();
 credential.setUsernametoken(ut);
- validator.validate(credential, requestData);
+ credential = validator.validate(credential, requestData);
+ principal = credential.getPrincipal();
+ }
+
+ if (principal == null) {
+ principal =
+ createPrincipal(
+ ut.getName(), ut.getPassword(), ut.getPasswordType(), ut.getNonce(), ut.getCreated()
+ );
 }
-
- Principal principal =
- createPrincipal(
- ut.getName(), ut.getPassword(), ut.getPasswordType(), ut.getNonce(), ut.getCreated()
- );
 // Get the realm of the UsernameToken
 String tokenRealm = null;
http://git-wip-us.apache.org/repos/asf/cxf/blob/0ef8f352/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
----------------------------------------------------------------------
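Review bot: In the UsernameTokenValidator hunk, `credential = validator.validate(credential, requestData)` followed by `credential.getPrincipal()` introduces a dereference of the validator's return value that the old code, which discarded it, never made; a Validator implementation that returns null would now fail with a NullPointerException, which a `catch (WSSecurityException ex)` of the kind the sibling validators use (not visible in this hunk) would not catch. Since the fallback to `createPrincipal(...)` already covers the no-principal case, a null-tolerant read keeps the new behaviour without the crash: `Credential validated = validator.validate(credential, requestData);` followed by `if (validated != null) { principal = validated.getPrincipal(); }`. If the project's Validator contract guarantees a non-null return, a comment stating that at this line would do instead. The enclosing method starts and ends outside this hunk.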
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
index 6b3847c..368ed54 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
@@ -18,6 +18,7 @@
 */
 package org.apache.cxf.sts.token.validator;
+import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.List;
 import java.util.logging.Level;
@@ -154,7 +155,11 @@ public class X509TokenValidator implements TokenValidator {
 }
 Credential returnedCredential = validator.validate(credential, requestData);
- response.setPrincipal(returnedCredential.getCertificates()[0].getSubjectX500Principal());
+ Principal principal = returnedCredential.getPrincipal();
+ if (principal == null) {
+ principal = returnedCredential.getCertificates()[0].getSubjectX500Principal();
+ }
+ response.setPrincipal(principal);
 validateTarget.setState(STATE.VALID);
 } catch (WSSecurityException ex) {
 LOG.log(Level.WARNING, "", ex);
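Review bot: The new `Principal principal = returnedCredential.getPrincipal()` with its fallback to the certificate's subject X500Principal is undocumented, and the identity the STS reports now depends on which Validator is configured rather than always being the signing certificate's DN. A short comment would make that precedence explicit for the next reader: `// Prefer the principal established by the configured Validator; fall back to the subject DN of the validated certificate`. The `getCertificates()[0]` fallback still assumes a non-empty certificate array, exactly as the replaced line did, so that is not new to this change. The enclosing method starts and ends outside this hunk.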