cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/2] cxf git commit: Add some hooks to either set or get some information relating to the kerberos authentication process
Date Fri, 08 Sep 2017 14:45:23 GMT
Add some hooks to either set or get some information relating to the kerberos authentication
process

# Conflicts:
#	rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
#	rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/82581d6d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/82581d6d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/82581d6d

Branch: refs/heads/3.1.x-fixes
Commit: 82581d6d720c0c1db73df0c128b3371ad9d734f8
Parents: fe33fce
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Sep 8 15:42:03 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Sep 8 15:45:15 2017 +0100

----------------------------------------------------------------------
 .../jaxrs/security/KerberosAuthenticationFilter.java  | 14 ++++++++------
 .../http/auth/AbstractSpnegoAuthSupplier.java         | 11 +++++++++--
 .../cxf/ws/security/kerberos/KerberosClient.java      |  6 +++++-
 3 files changed, 22 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/82581d6d/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
index 3390104..e3cd617 100644
--- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
+++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
@@ -105,16 +105,13 @@ public class KerberosAuthenticationFilter implements ContainerRequestFilter
{
             if (index > 0) {
                 simpleUserName = simpleUserName.substring(0, index);
             }
+            Message m = JAXRSUtils.getCurrentMessage();
+            m.put(SecurityContext.class, createSecurityContext(simpleUserName, complexUserName,
gssContext));
+
             if (!gssContext.getCredDelegState()) {
                 gssContext.dispose();
                 gssContext = null;
             }
-            Message m = JAXRSUtils.getCurrentMessage();
-            m.put(SecurityContext.class, 
-                new KerberosSecurityContext(new KerberosPrincipal(simpleUserName,
-                                                                  complexUserName),
-                                            gssContext));
-            
         } catch (LoginException e) {
             LOG.fine("Unsuccessful JAAS login for the service principal: " + e.getMessage());
             throw ExceptionUtils.toNotAuthorizedException(e, getFaultResponse());
@@ -127,6 +124,11 @@ public class KerberosAuthenticationFilter implements ContainerRequestFilter
{
         }
     }
 
+    protected SecurityContext createSecurityContext(String simpleUserName, String complexUserName,
+                                                    GSSContext gssContext) {
+        return new KerberosSecurityContext(new KerberosPrincipal(simpleUserName, complexUserName),
gssContext);
+    }
+
     protected GSSContext createGSSContext() throws GSSException {
         boolean useKerberosOid = MessageUtils.isTrue(
             messageContext.getContextualProperty(PROPERTY_USE_KERBEROS_OID));

http://git-wip-us.apache.org/repos/asf/cxf/blob/82581d6d/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
index 172d110..f62947e 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
@@ -138,7 +138,9 @@ public abstract class AbstractSpnegoAuthSupplier {
         if (delegatedCred != null) {
             return context.initSecContext(token, 0, token.length);
         }
-        
+
+        decorateSubject(subject);
+
         try {
             return (byte[])Subject.doAs(subject, new CreateServiceTicketAction(context, token));
         } catch (PrivilegedActionException e) {
@@ -149,7 +151,12 @@ public abstract class AbstractSpnegoAuthSupplier {
             return null;
         }
     }
-    
+
+    // Allow subclasses to decorate the Subject if required.
+    protected void decorateSubject(Subject subject) {
+
+    }
+
     protected boolean isCredDelegationRequired(Message message) { 
         Object prop = message.getContextualProperty(PROPERTY_REQUIRE_CRED_DELEGATION);
         return prop == null ? credDelegation : MessageUtils.isTrue(prop);

http://git-wip-us.apache.org/repos/asf/cxf/blob/82581d6d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
index cce09cb..51fdbe2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
@@ -147,7 +147,7 @@ public class KerberosClient implements Configurable {
             LOG.fine("Requesting Kerberos ticket for " + serviceName 
                     + " using JAAS Login Module: " + getContextName());
         }
-        KerberosSecurity bst = new KerberosSecurity(DOMUtils.createDocument());
+        KerberosSecurity bst = createKerberosSecurity();
         bst.retrieveServiceTicket(getContextName(), callbackHandler, serviceName,
                                   isUsernameServiceNameForm, requestCredentialDelegation,
                                   delegatedCredential);
@@ -170,6 +170,10 @@ public class KerberosClient implements Configurable {
         return token;
     }
 
+    protected KerberosSecurity createKerberosSecurity() {
+        return new KerberosSecurity(DOMUtils.createDocument());
+    }
+
     public boolean isUsernameServiceNameForm() {
         return isUsernameServiceNameForm;
     }


Mime
View raw message