cxf-issues mailing list archives

From "Stuart Charlton (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CXF-6401) Change the order that the set of security results are searched to create a security context
Date Fri, 15 May 2015 14:21:59 GMT

    [ https://issues.apache.org/jira/browse/CXF-6401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14545555#comment-14545555 ]

Stuart Charlton edited comment on CXF-6401 at 5/15/15 2:21 PM:
---------------------------------------------------------------

Hi Colm,

I'm not sure this fixed the issue. I've run this through a debugger and the SAML Principal
is indeed created, but then the loop continues to run and the WSConstants.ST_SIGNED or WSConstants.ST_UNSIGNED
principal is overridden by WSConstants.SIGN.

Perhaps what you want is a labelled break to get out of the outer loop.


was (Author: svrc):
Hi Colm,

I'm not sure this fixed the issue. I've run this through a debugger and the SAML Principal
is indeed created, but then the loop continues to run and the WSConstants.ST_SIGNED or WSConstants.ST_UNSIGNED
principal is overridden by WSConstants.SIGN.

Perhaps what you want is a labelled break to get out of the outer loop, i.e.

index a08251c..140d522 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -560,6 +560,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
         resultPriorities.add(WSConstants.SIGN);
         resultPriorities.add(WSConstants.UT_NOPASSWORD);
         
+    outer:
         for (Integer resultPriority : resultPriorities) {
             if (resultPriority == WSConstants.ST_UNSIGNED && !allowUnsignedSamlPrincipals)
{
                 continue;
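Review bot: the new `outer:` label is indented to 4 spaces while the `for` it labels sits at 8; align the label with the loop statement (or place it on the same line as the `for`) so the indentation matches the surrounding code and does not trip the project's style checks. Note that this hunk is inert on its own: the label only has an effect together with the matching `break outer;` in the second hunk, so the two must land in the same commit.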
@@ -582,7 +583,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
                         createSecurityContext(msg, useJAASSubject, result, utWithCallbacks);
                     if (context != null) {
                         msg.put(SecurityContext.class, context);
-                        break;
+                        break outer;
                     }
                 }
             }
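Review bot: `break outer;` is the substantive fix. The previous plain `break` only left the inner loop over the WSS4J results, so after a higher-priority result (ST_SIGNED or ST_UNSIGNED) had been stored via `msg.put(SecurityContext.class, context)`, the outer loop over `resultPriorities` kept running and a later, lower-priority result such as SIGN created a fresh context that overwrote it. Add a one-line comment on the break stating that it must leave the priority loop, otherwise a future reader may "simplify" it back to a plain `break` and silently reintroduce the override; a unit test with both a SIGN and an ST_SIGNED result in the same header, asserting that the SAML principal ends up in the SecurityContext, would pin the behaviour down.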

> Change the order that the set of security results are searched to create a security context
> -------------------------------------------------------------------------------------------
>
>                 Key: CXF-6401
>                 URL: https://issues.apache.org/jira/browse/CXF-6401
>             Project: CXF
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 3.1.1, 3.0.6
>
>
> Right now we search the list of security results from WSS4J from the last result backwards,
> and stop when we meet a result that can be used to create a security context. However, we
> should instead create a list of desired tokens/actions with a priority to each one. So for
> example, if a (signed) SAML token is in the security header, this should have a higher priority
> than say a Signature, as the likely intention of the service logic is that the SAML Token
> encapsulates the user identity.
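The priority-ordered search described above, reduced to a stand-alone illustration added here (not CXF code): the integer constants, the `select` helper and the constructed result list are stand-ins for WSConstants, the WSS4JInInterceptor loop and the WSS4J result list. It shows why a plain `break` lets a later SIGN result override an already-chosen SAML result, and why a labelled break makes the highest-priority match win.

```java
import java.util.List;

public class PrioritySearchDemo {
    // Stand-ins for the WSConstants action codes (values are arbitrary).
    static final int ST_SIGNED = 1, ST_UNSIGNED = 2, SIGN = 3, UT_NOPASSWORD = 4;

    // Walks the priority list and, for each priority, the results; returns the action
    // whose result would end up as the security context, or -1 if none matched.
    static int select(List<Integer> results, boolean labelledBreak) {
        List<Integer> priorities = List.of(ST_SIGNED, ST_UNSIGNED, SIGN, UT_NOPASSWORD);
        int chosen = -1;
        outer:
        for (int priority : priorities) {
            for (int result : results) {   // mirrors the inner loop over WSS4J results
                if (result == priority) {
                    chosen = result;       // mirrors msg.put(SecurityContext.class, context)
                    if (labelledBreak) {
                        break outer;       // leaves both loops: the first match wins
                    }
                    break;                 // leaves only the inner loop; the outer loop continues
                }
            }
        }
        return chosen;
    }

    public static void main(String[] args) {
        // Constructed input: a Signature result and a signed SAML token result in one header.
        List<Integer> results = List.of(SIGN, ST_SIGNED);
        System.out.println("plain break    -> " + select(results, false));
        System.out.println("labelled break -> " + select(results, true));
    }
}
```

With the plain break the SIGN result is selected last and replaces the earlier ST_SIGNED choice; with the labelled break the search stops at ST_SIGNED, which is the behaviour the issue asks for.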



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
