From cohei...@apache.org
Subject [1/2] cxf git commit: Refactor of "BasicAuthFilter"
Date Fri, 05 Feb 2016 14:54:56 GMT
Repository: cxf
Updated Branches:
  refs/heads/master f5606894d -> 307ddaf6f


Refactor of "BasicAuthFilter"


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/307ddaf6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/307ddaf6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/307ddaf6

Branch: refs/heads/master
Commit: 307ddaf6fe29102d5dc67b66749eb80ad60ce38e
Parents: ba7eab4
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Feb 5 14:54:03 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Feb 5 14:54:44 2016 +0000

----------------------------------------------------------------------
 .../features/src/main/resources/features.xml    |   5 +-
 rt/security-saml/pom.xml                        |   2 +-
 .../interceptor/WSS4JBasicAuthValidator.java    | 166 +++++++++++++++++++
 .../trust/AuthPolicyValidatingInterceptor.java  | 117 ++++---------
 .../cxf/systest/sts/rest/BasicAuthFilter.java   | 117 -------------
 .../systest/sts/rest/WSS4JBasicAuthFilter.java  |  54 ++++++
 .../cxf/systest/sts/rest/cxf-rest-sts.xml       |   2 +-
 .../security/oauth2/common/BasicAuthFilter.java | 117 -------------
 .../oauth2/common/WSS4JBasicAuthFilter.java     |  54 ++++++
 .../security/oauth2/filters/oauth20-server.xml  |   2 +-
 .../oauth2/grants/grants-negative-server.xml    |   2 +-
 .../security/oauth2/grants/grants-server.xml    |   2 +-
 12 files changed, 311 insertions(+), 329 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/osgi/karaf/features/src/main/resources/features.xml
----------------------------------------------------------------------
diff --git a/osgi/karaf/features/src/main/resources/features.xml b/osgi/karaf/features/src/main/resources/features.xml
index 3d3a128..5e509ac 100644
--- a/osgi/karaf/features/src/main/resources/features.xml
+++ b/osgi/karaf/features/src/main/resources/features.xml
@@ -114,14 +114,13 @@
         <bundle start-level="40">mvn:org.apache.cxf/cxf-rt-ws-mex/${project.version}</bundle>
     </feature>
     <feature name="cxf-ws-security" version="${project.version}" resolver="(obr)">
-        <feature version="${project.version}">cxf-rt-security</feature>
-        <feature version="${project.version}">cxf-ws-policy</feature>
         <feature version="${cxf.wss4j.version}">wss4j</feature>
+        <feature version="${project.version}">cxf-rt-security-saml</feature>
+        <feature version="${project.version}">cxf-ws-policy</feature>
         <feature version="${project.version}">cxf-ws-addr</feature>
         <bundle dependency="true">mvn:org.apache.geronimo.specs/geronimo-jta_1.1_spec/${cxf.geronimo.transaction.version}</bundle>
         <bundle start-level="40" dependency="true">mvn:net.sf.ehcache/ehcache/${cxf.ehcache.version}</bundle>
         <bundle start-level="40">mvn:org.apache.cxf/cxf-rt-ws-security/${project.version}</bundle>
-        <bundle start-level="40">mvn:org.apache.cxf/cxf-rt-security-saml/${project.version}</bundle>
     </feature>
     <feature name="cxf-rt-security" version="${project.version}" resolver="(obr)">
         <feature version="${project.version}">cxf-core</feature>

http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/rt/security-saml/pom.xml
----------------------------------------------------------------------
diff --git a/rt/security-saml/pom.xml b/rt/security-saml/pom.xml
index 351fe56..530b2cd 100644
--- a/rt/security-saml/pom.xml
+++ b/rt/security-saml/pom.xml
@@ -43,7 +43,7 @@
         </dependency>
         <dependency>
             <groupId>org.apache.wss4j</groupId>
-            <artifactId>wss4j-ws-security-common</artifactId>
+            <artifactId>wss4j-ws-security-dom</artifactId>
             <version>${cxf.wss4j.version}</version>
         </dependency>
         <dependency>

http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java
b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java
new file mode 100644
index 0000000..a5fc8b3
--- /dev/null
+++ b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java
@@ -0,0 +1,166 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.saml.interceptor;
+
+import java.security.Principal;
+import java.util.Set;
+import java.util.logging.Logger;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.w3c.dom.Document;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.rt.security.SecurityConstants;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
+import org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext;
+import org.apache.cxf.rt.security.saml.utils.SAMLUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.message.token.UsernameToken;
+import org.apache.wss4j.dom.validate.Credential;
+import org.apache.wss4j.dom.validate.UsernameTokenValidator;
+import org.apache.wss4j.dom.validate.Validator;
+
+/**
+ * An abstract class containing some functionality to validate a username + password received
+ * via HTTP Basic Authentication via a WSS4J Validator (and hence JAAS, the STS, etc.). It
can
+ * be subclasses and used as a CXF interceptor or else via a JAX-RS ContainerRequestFilter.
+ */
+public abstract class WSS4JBasicAuthValidator {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(WSS4JBasicAuthValidator.class);
+    private static final String SAML_ROLE_ATTRIBUTENAME_DEFAULT =
+        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
+    
+    private Validator validator;
+    private CallbackHandler callbackHandler;
+    
+    protected void validate(Message message) throws WSSecurityException {
+
+        AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
+        if (policy == null || policy.getUserName() == null || policy.getPassword() == null)
{
+            String name = null;
+            if (policy != null) {
+                name = policy.getUserName();
+            }
+            String errorMsg = "No user name and/or password is available, name: " + name;
+            LOG.warning(errorMsg);
+            throw new SecurityException(errorMsg);
+        }
+
+        UsernameToken token = convertPolicyToToken(policy);
+        Credential credential = new Credential();
+        credential.setUsernametoken(token);
+
+        RequestData data = new RequestData();
+        data.setMsgContext(message);
+        data.setCallbackHandler(callbackHandler);
+        credential = getValidator().validate(credential, data);
+
+        // Create a Principal/SecurityContext
+        SecurityContext sc = null;
+        if (credential != null && credential.getPrincipal() != null) {
+            sc = createSecurityContext(message, credential);
+        } else {
+            Principal p = new WSUsernameTokenPrincipalImpl(policy.getUserName(), false);
+            ((WSUsernameTokenPrincipalImpl)p).setPassword(policy.getPassword());
+            sc = createSecurityContext(p);
+        }
+
+        message.put(SecurityContext.class, sc);
+    }
+
+    protected UsernameToken convertPolicyToToken(AuthorizationPolicy policy) {
+
+        Document doc = DOMUtils.createDocument();
+        UsernameToken token = new UsernameToken(false, doc, 
+                                                WSConstants.PASSWORD_TEXT);
+        token.setName(policy.getUserName());
+        token.setPassword(policy.getPassword());
+        return token;
+    }
+    
+    protected SecurityContext createSecurityContext(final Principal p) {
+        return new SecurityContext() {
+
+            public Principal getUserPrincipal() {
+                return p;
+            }
+
+            public boolean isUserInRole(String arg0) {
+                return false;
+            }
+        };
+    }
+    
+    protected SecurityContext createSecurityContext(Message msg, Credential credential) {
+        SamlAssertionWrapper samlAssertion = credential.getTransformedToken();
+        if (samlAssertion == null) {
+            samlAssertion = credential.getSamlAssertion();
+        }
+        if (samlAssertion != null) {
+            String roleAttributeName = 
+                (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME,
msg);
+            if (roleAttributeName == null || roleAttributeName.length() == 0) {
+                roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT;
+            }
+
+            ClaimCollection claims = 
+                SAMLUtils.getClaims((SamlAssertionWrapper)samlAssertion);
+            Set<Principal> roles = 
+                SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null);
+
+            SAMLSecurityContext context = 
+                new SAMLSecurityContext(credential.getPrincipal(), roles, claims);
+            context.setIssuer(SAMLUtils.getIssuer(samlAssertion));
+            context.setAssertionElement(SAMLUtils.getAssertionElement(samlAssertion));
+            return context;
+        } else {
+            return createSecurityContext(credential.getPrincipal());
+        }
+    }
+
+    public Validator getValidator() {
+        if (validator != null) {
+            return validator;
+        }
+        return new UsernameTokenValidator();
+    }
+    
+    public void setValidator(Validator validator) {
+        this.validator = validator;
+    }
+    
+    public CallbackHandler getCallbackHandler() {
+        return callbackHandler;
+    }
+
+    public void setCallbackHandler(CallbackHandler callbackHandler) {
+        this.callbackHandler = callbackHandler;
+    }
+
+}
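Review bot: The fallback branch after the `getValidator().validate(credential, data)` call (the `else` taken when the returned credential is null or has no principal) still installs an authenticated SecurityContext, built from the raw policy user name and password, whenever the validator returns nothing instead of throwing. That is only safe if every Validator honours the WSS4J convention of throwing WSSecurityException on rejection; a custom validator supplied through `setValidator` that signals failure with a null return would be treated as success. The class or method Javadoc should pin that contract, e.g. `@throws WSSecurityException if the configured Validator rejects the user name/password; Validators must throw rather than return null on failure`, and note that a missing or incomplete AuthorizationPolicy produces an unchecked `SecurityException`, not the declared WSSecurityException. It is also worth a comment that the fallback principal retains the clear-text password via `setPassword`, so anything that logs or serialises the SecurityContext principal will carry it. The Javadoc typo `be subclasses` should read `be subclassed`.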

http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java
index c1613c4..a747572 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java
@@ -18,48 +18,35 @@
  */
 package org.apache.cxf.ws.security.trust;
 
-import java.security.Principal;
+import java.util.Collection;
+import java.util.Collections;
 import java.util.ResourceBundle;
 import java.util.Set;
 import java.util.logging.Logger;
 
-import org.w3c.dom.Document;
 import org.apache.cxf.common.i18n.BundleUtils;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
-import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
-import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
-import org.apache.cxf.rt.security.claims.ClaimCollection;
-import org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext;
-import org.apache.cxf.rt.security.saml.utils.SAMLUtils;
-import org.apache.cxf.rt.security.utils.SecurityUtils;
-import org.apache.cxf.security.SecurityContext;
-import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
-import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.handler.RequestData;
-import org.apache.wss4j.dom.message.token.UsernameToken;
-import org.apache.wss4j.dom.validate.Credential;
-import org.apache.wss4j.dom.validate.Validator;
+import org.apache.cxf.phase.PhaseInterceptor;
+import org.apache.cxf.rt.security.saml.interceptor.WSS4JBasicAuthValidator;
 
-public class AuthPolicyValidatingInterceptor extends AbstractPhaseInterceptor<Message>
{
+public class AuthPolicyValidatingInterceptor 
+    extends WSS4JBasicAuthValidator implements PhaseInterceptor<Message> {
 
     private static final ResourceBundle BUNDLE = BundleUtils.getBundle(AuthPolicyValidatingInterceptor.class);
     private static final Logger LOG = LogUtils.getL7dLogger(AuthPolicyValidatingInterceptor.class);
     
-    private Validator validator;
+    private String phase;
     
     public AuthPolicyValidatingInterceptor() {
         this(Phase.UNMARSHAL);
     }
     
     public AuthPolicyValidatingInterceptor(String phase) {
-        super(phase);
+        this.phase = phase;
     }
     
     public void handleMessage(Message message) throws Fault {
@@ -77,85 +64,41 @@ public class AuthPolicyValidatingInterceptor extends AbstractPhaseInterceptor<Me
             LOG.warning(errorMsg.toString());
             throw new SecurityException(errorMsg.toString());
         }
-        
+
         try {
-            UsernameToken token = convertPolicyToToken(policy);
-            Credential credential = new Credential();
-            credential.setUsernametoken(token);
-            
-            RequestData data = new RequestData();
-            data.setMsgContext(message);
-            credential = validator.validate(credential, data);
-            
-            // Create a Principal/SecurityContext
-            SecurityContext sc = null;
-            if (credential != null && credential.getPrincipal() != null) {
-                sc = createSecurityContext(message, credential);
-            } else {
-                Principal p = new WSUsernameTokenPrincipalImpl(policy.getUserName(), false);
-                ((WSUsernameTokenPrincipalImpl)p).setPassword(policy.getPassword());
-                sc = createSecurityContext(p);
-            }
-            
-            message.put(SecurityContext.class, sc);
+            super.validate(message);
         } catch (Exception ex) {
             throw new Fault(ex);
         }
     }
 
-    protected UsernameToken convertPolicyToToken(AuthorizationPolicy policy) 
-        throws Exception {
-
-        Document doc = DOMUtils.createDocument();
-        UsernameToken token = new UsernameToken(false, doc, 
-                                                WSConstants.PASSWORD_TEXT);
-        token.setName(policy.getUserName());
-        token.setPassword(policy.getPassword());
-        return token;
+    @Override
+    public void handleFault(Message arg0) {
     }
-    
-    protected SecurityContext createSecurityContext(final Principal p) {
-        return new SecurityContext() {
 
-            public Principal getUserPrincipal() {
-                return p;
-            }
+    @Override
+    public Collection<PhaseInterceptor<? extends Message>> getAdditionalInterceptors()
{
+        return null;
+    }
 
-            public boolean isUserInRole(String arg0) {
-                return false;
-            }
-        };
+    @Override
+    public Set<String> getAfter() {
+        return Collections.emptySet();
     }
-    
-    protected SecurityContext createSecurityContext(Message msg, Credential credential) {
-        SamlAssertionWrapper samlAssertion = credential.getTransformedToken();
-        if (samlAssertion == null) {
-            samlAssertion = credential.getSamlAssertion();
-        }
-        if (samlAssertion != null) {
-            String roleAttributeName = 
-                (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME,
msg);
-            if (roleAttributeName == null || roleAttributeName.length() == 0) {
-                roleAttributeName = WSS4JInInterceptor.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
-            }
 
-            ClaimCollection claims = 
-                SAMLUtils.getClaims((SamlAssertionWrapper)samlAssertion);
-            Set<Principal> roles = 
-                SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null);
+    @Override
+    public Set<String> getBefore() {
+        return Collections.emptySet();
+    }
 
-            SAMLSecurityContext context = 
-                new SAMLSecurityContext(credential.getPrincipal(), roles, claims);
-            context.setIssuer(SAMLUtils.getIssuer(samlAssertion));
-            context.setAssertionElement(SAMLUtils.getAssertionElement(samlAssertion));
-            return context;
-        } else {
-            return createSecurityContext(credential.getPrincipal());
-        }
+    @Override
+    public String getId() {
+        return getClass().getName();
     }
 
-    public void setValidator(Validator validator) {
-        this.validator = validator;
+    @Override
+    public String getPhase() {
+        return phase;
     }
-    
+
 }
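Review bot: `getAdditionalInterceptors()` returns `null` while `getBefore()`/`getAfter()` return `Collections.emptySet()`; the mixed null/empty convention is easy to trip over for anyone iterating the result, and `return Collections.emptyList();` would keep the three accessors consistent (confirm the chain treats null and empty alike before changing it). With the abstract base gone, `getBefore`/`getAfter` are now fixed to empty, so any ordering a deployer could presumably configure before through the inherited addBefore/addAfter helpers is no longer available; a one-line Javadoc on both saying the interceptor has no ordering constraints within its phase would make that explicit. The policy null-check at the top of `handleMessage` (the method starts above this hunk) duplicates the one `super.validate(message)` performs, though it preserves the BUNDLE-based message, which deserves a comment such as `// pre-check so the failure is reported with the localized message rather than the base class's`. `handleFault` is intentionally empty and should say so, e.g. `// nothing to undo: validate() only installs a SecurityContext on success`.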

http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java
deleted file mode 100644
index 30b0b86..0000000
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.systest.sts.rest;
-
-import java.io.IOException;
-import java.security.Principal;
-
-import javax.security.auth.callback.CallbackHandler;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
-import javax.ws.rs.core.Response;
-
-import org.w3c.dom.Document;
-
-import org.apache.cxf.configuration.security.AuthorizationPolicy;
-import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.jaxrs.utils.ExceptionUtils;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.security.SecurityContext;
-import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl;
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.handler.RequestData;
-import org.apache.wss4j.dom.message.token.UsernameToken;
-import org.apache.wss4j.dom.validate.Credential;
-import org.apache.wss4j.dom.validate.UsernameTokenValidator;
-
-/**
- * A simple filter to validate a Basic Auth username/password via a CallbackHandler
- */
-public class BasicAuthFilter implements ContainerRequestFilter {
-
-    private CallbackHandler callbackHandler;
-    
-    public void filter(ContainerRequestContext requestContext) throws IOException {
-        Message message = JAXRSUtils.getCurrentMessage();
-        AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
-        
-        if (policy == null || policy.getUserName() == null || policy.getPassword() == null)
{
-            requestContext.abortWith(
-                Response.status(401).header("WWW-Authenticate", "Basic realm=\"IdP\"").build());
-        }
-
-        try {
-            UsernameToken token = convertPolicyToToken(policy);
-            Credential credential = new Credential();
-            credential.setUsernametoken(token);
-            
-            RequestData data = new RequestData();
-            data.setMsgContext(message);
-            data.setCallbackHandler(callbackHandler);
-            UsernameTokenValidator validator = new UsernameTokenValidator();
-            credential = validator.validate(credential, data);
-            
-            // Create a Principal/SecurityContext
-            Principal p = null;
-            if (credential != null && credential.getPrincipal() != null) {
-                p = credential.getPrincipal();
-            } else {
-                p = new WSUsernameTokenPrincipalImpl(policy.getUserName(), false);
-                ((WSUsernameTokenPrincipalImpl)p).setPassword(policy.getPassword());
-            }
-            message.put(SecurityContext.class, createSecurityContext(p));
-        } catch (Exception ex) {
-            throw ExceptionUtils.toInternalServerErrorException(ex, null);
-        }
-    }
-
-    protected UsernameToken convertPolicyToToken(AuthorizationPolicy policy) 
-        throws Exception {
-
-        Document doc = DOMUtils.createDocument();
-        UsernameToken token = new UsernameToken(false, doc, 
-                                                WSConstants.PASSWORD_TEXT);
-        token.setName(policy.getUserName());
-        token.setPassword(policy.getPassword());
-        return token;
-    }
-    
-    protected SecurityContext createSecurityContext(final Principal p) {
-        return new SecurityContext() {
-
-            public Principal getUserPrincipal() {
-                return p;
-            }
-
-            public boolean isUserInRole(String arg0) {
-                return false;
-            }
-        };
-    }
-
-    public CallbackHandler getCallbackHandler() {
-        return callbackHandler;
-    }
-
-    public void setCallbackHandler(CallbackHandler callbackHandler) {
-        this.callbackHandler = callbackHandler;
-    }
-
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/WSS4JBasicAuthFilter.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/WSS4JBasicAuthFilter.java
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/WSS4JBasicAuthFilter.java
new file mode 100644
index 0000000..08873cf
--- /dev/null
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/WSS4JBasicAuthFilter.java
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.rest;
+
+import java.io.IOException;
+
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.jaxrs.utils.ExceptionUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.rt.security.saml.interceptor.WSS4JBasicAuthValidator;
+
+/**
+ * Extends the WSS4J validator as a JAX-RS request filter
+ */
+public class WSS4JBasicAuthFilter extends WSS4JBasicAuthValidator implements ContainerRequestFilter
{
+
+    public void filter(ContainerRequestContext requestContext) throws IOException {
+        Message message = JAXRSUtils.getCurrentMessage();
+        AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
+        
+        if (policy == null || policy.getUserName() == null || policy.getPassword() == null)
{
+            requestContext.abortWith(
+                Response.status(401).header("WWW-Authenticate", "Basic realm=\"IdP\"").build());
+        }
+
+        try {
+            super.validate(message);
+        } catch (Exception ex) {
+            throw ExceptionUtils.toInternalServerErrorException(ex, null);
+        }
+    }
+
+}
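Review bot: The missing-credentials branch in `filter` calls `requestContext.abortWith(...)` with the 401 challenge but does not return, so execution continues into `super.validate(message)`, which throws `SecurityException` for the same null policy; that is caught by `catch (Exception ex)` and converted to an internal server error, so the client most likely sees a 500 instead of the WWW-Authenticate challenge (the exact outcome depends on whether the runtime honours the aborted response before the exception propagates). Add `return;` directly after the `abortWith(...)` call. The same pattern appears in the second WSS4JBasicAuthFilter of this commit under systests/rs-security, and it was carried over from the deleted BasicAuthFilter rather than introduced here. The class Javadoc `Extends the WSS4J validator as a JAX-RS request filter` could also state that a rejected password currently surfaces as a 500 via ExceptionUtils.toInternalServerErrorException rather than a 401, since a wrong credential is a client error and mapping WSSecurityException to the 401 challenge would be the more accurate response.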
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/rest/cxf-rest-sts.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/rest/cxf-rest-sts.xml
b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/rest/cxf-rest-sts.xml
index b61e481..309f3f2 100644
--- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/rest/cxf-rest-sts.xml
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/rest/cxf-rest-sts.xml
@@ -106,7 +106,7 @@
     <bean id="jsonProvider" class="com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider"
/>
     
     <bean id="callbackHandler" class="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
-    <bean id="basicAuthFilter" class="org.apache.cxf.systest.sts.rest.BasicAuthFilter">
+    <bean id="basicAuthFilter" class="org.apache.cxf.systest.sts.rest.WSS4JBasicAuthFilter">
         <property name="callbackHandler" ref="callbackHandler"/>
     </bean>
    

http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/BasicAuthFilter.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/BasicAuthFilter.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/BasicAuthFilter.java
deleted file mode 100644
index 1c74e6e..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/BasicAuthFilter.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.systest.jaxrs.security.oauth2.common;
-
-import java.io.IOException;
-import java.security.Principal;
-
-import javax.security.auth.callback.CallbackHandler;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
-import javax.ws.rs.core.Response;
-
-import org.w3c.dom.Document;
-
-import org.apache.cxf.configuration.security.AuthorizationPolicy;
-import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.jaxrs.utils.ExceptionUtils;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.security.SecurityContext;
-import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl;
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.handler.RequestData;
-import org.apache.wss4j.dom.message.token.UsernameToken;
-import org.apache.wss4j.dom.validate.Credential;
-import org.apache.wss4j.dom.validate.UsernameTokenValidator;
-
-/**
- * A simple filter to validate a Basic Auth username/password via a CallbackHandler
- */
-public class BasicAuthFilter implements ContainerRequestFilter {
-
-    private CallbackHandler callbackHandler;
-    
-    public void filter(ContainerRequestContext requestContext) throws IOException {
-        Message message = JAXRSUtils.getCurrentMessage();
-        AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
-        
-        if (policy == null || policy.getUserName() == null || policy.getPassword() == null)
{
-            requestContext.abortWith(
-                Response.status(401).header("WWW-Authenticate", "Basic realm=\"IdP\"").build());
-        }
-
-        try {
-            UsernameToken token = convertPolicyToToken(policy);
-            Credential credential = new Credential();
-            credential.setUsernametoken(token);
-            
-            RequestData data = new RequestData();
-            data.setMsgContext(message);
-            data.setCallbackHandler(callbackHandler);
-            UsernameTokenValidator validator = new UsernameTokenValidator();
-            credential = validator.validate(credential, data);
-            
-            // Create a Principal/SecurityContext
-            Principal p = null;
-            if (credential != null && credential.getPrincipal() != null) {
-                p = credential.getPrincipal();
-            } else {
-                p = new WSUsernameTokenPrincipalImpl(policy.getUserName(), false);
-                ((WSUsernameTokenPrincipalImpl)p).setPassword(policy.getPassword());
-            }
-            message.put(SecurityContext.class, createSecurityContext(p));
-        } catch (Exception ex) {
-            throw ExceptionUtils.toInternalServerErrorException(ex, null);
-        }
-    }
-
-    protected UsernameToken convertPolicyToToken(AuthorizationPolicy policy) 
-        throws Exception {
-
-        Document doc = DOMUtils.createDocument();
-        UsernameToken token = new UsernameToken(false, doc, 
-                                                WSConstants.PASSWORD_TEXT);
-        token.setName(policy.getUserName());
-        token.setPassword(policy.getPassword());
-        return token;
-    }
-    
-    protected SecurityContext createSecurityContext(final Principal p) {
-        return new SecurityContext() {
-
-            public Principal getUserPrincipal() {
-                return p;
-            }
-
-            public boolean isUserInRole(String arg0) {
-                return false;
-            }
-        };
-    }
-
-    public CallbackHandler getCallbackHandler() {
-        return callbackHandler;
-    }
-
-    public void setCallbackHandler(CallbackHandler callbackHandler) {
-        this.callbackHandler = callbackHandler;
-    }
-
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/WSS4JBasicAuthFilter.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/WSS4JBasicAuthFilter.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/WSS4JBasicAuthFilter.java
new file mode 100644
index 0000000..66958f7
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/WSS4JBasicAuthFilter.java
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security.oauth2.common;
+
+import java.io.IOException;
+
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.jaxrs.utils.ExceptionUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.rt.security.saml.interceptor.WSS4JBasicAuthValidator;
+
+/**
+ * Extends the WSS4J validator as a JAX-RS request filter
+ */
+public class WSS4JBasicAuthFilter extends WSS4JBasicAuthValidator implements ContainerRequestFilter
{
+
+    public void filter(ContainerRequestContext requestContext) throws IOException {
+        Message message = JAXRSUtils.getCurrentMessage();
+        AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
+        
+        if (policy == null || policy.getUserName() == null || policy.getPassword() == null)
{
+            requestContext.abortWith(
+                Response.status(401).header("WWW-Authenticate", "Basic realm=\"IdP\"").build());
+        }
+
+        try {
+            super.validate(message);
+        } catch (Exception ex) {
+            throw ExceptionUtils.toInternalServerErrorException(ex, null);
+        }
+    }
+
+}
\ No newline at end of file
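Review bot: `filter` does not return after `requestContext.abortWith(...)` on the missing-credentials branch, so execution falls through to `super.validate(message)` with a null or incomplete policy; whether the client still sees the intended 401 then depends on how `WSS4JBasicAuthValidator.validate` (outside this hunk) handles that, and any exception it throws is rewrapped as a 500 by the catch below. Add `return;` directly after the `abortWith` call. Separately, the catch maps every validation failure, including a plain wrong password, to an internal server error; if the validator signals bad credentials with a distinguishable exception, answering that case with the same 401 and `WWW-Authenticate` header would be the more accurate response, though the validator's exception contract is not visible here. The method is also missing `@Override` for the `ContainerRequestFilter` implementation.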

http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-server.xml
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-server.xml
index 2697208..678d470 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-server.xml
@@ -92,7 +92,7 @@ under the License.
    </bean>
    
    <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
-   <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.BasicAuthFilter">
+   <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
        <property name="callbackHandler" ref="callbackHandler"/>
    </bean>
    

http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml
index 15eb598..80f8f3d 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml
@@ -113,7 +113,7 @@ under the License.
    </bean>
    
    <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
-   <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.BasicAuthFilter">
+   <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
        <property name="callbackHandler" ref="callbackHandler"/>
    </bean>
    

http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml
index 676942d..b8c2314 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml
@@ -113,7 +113,7 @@ under the License.
    </bean>
    
    <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
-   <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.BasicAuthFilter">
+   <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
        <property name="callbackHandler" ref="callbackHandler"/>
    </bean>
    

