Author: sergeyb
Date: Wed Apr 6 16:39:09 2011
New Revision: 1089530
URL: http://svn.apache.org/viewvc?rev=1089530&view=rev
Log:
Merged revisions 1089512 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1089512 | sergeyb | 2011-04-06 17:09:34 +0100 (Wed, 06 Apr 2011) | 1 line
[CXF-3444] Attempting to set the 'best' SecurityContext principal
........
Modified:
cxf/branches/2.3.x-fixes/ (props changed)
cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
cxf/branches/2.3.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
Propchange: cxf/branches/2.3.x-fixes/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Apr 6 16:39:09 2011
@@ -1 +1 @@
-/cxf/trunk:1089407,1089487
+/cxf/trunk:1089407,1089487,1089512
Propchange: cxf/branches/2.3.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified:
cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1089530&r1=1089529&r2=1089530&view=diff
==============================================================================
---
cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++
cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Wed Apr 6 16:39:09 2011
@@ -58,6 +58,7 @@ import org.apache.cxf.ws.security.Securi
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDerivedKeyTokenPrincipal;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
@@ -430,7 +431,7 @@ public class WSS4JInInterceptor extends
for (WSSecurityEngineResult o : CastUtils.cast(wsResult,
WSSecurityEngineResult.class)) {
final Principal p =
(Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
- if (p != null) {
+ if (p != null && isSecurityContextPrincipal(p, wsResult)) {
msg.put(PRINCIPAL_RESULT, p);
if (!utWithCallbacks) {
WSS4JTokenConverter.convertToken(msg, p);
@@ -444,6 +445,23 @@ public class WSS4JInInterceptor extends
}
}
+ /**
+ * Checks if a given WSS4J Principal can be represented as a user principal
+ * inside SecurityContext. Example, UsernameToken or PublicKey principals
can
+ * be used to facilitate checking the user roles, etc.
+ */
+ protected boolean isSecurityContextPrincipal(Principal p,
List<WSSecurityEngineResult> wsResult) {
+ boolean derivedKeyPrincipal = p instanceof WSDerivedKeyTokenPrincipal;
+ if (derivedKeyPrincipal) {
+ // If it is a derived key principal then let it be a
SecurityContext
+ // principal only if no other principals are available.
+ // The derived key principal will still be visible to
+ // custom interceptors as part of the
WSHandlerConstants.RECV_RESULTS value
+ return wsResult.size() > 1 ? false : true;
+ } else {
+ return true;
+ }
+ }
protected SecurityContext createSecurityContext(final Principal p) {
return new SecurityContext() {
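Review bot: `isSecurityContextPrincipal` decides on `wsResult.size() > 1`, which counts every engine result rather than the results that carry a principal, so it does not match its own comment ("only if no other principals are available"). If a derived-key principal arrives with results whose `TAG_PRINCIPAL` is null, it is rejected and `PRINCIPAL_RESULT` is never set, which would presumably leave later role checks without a user principal. The check should instead look for another principal that is not a `WSDerivedKeyTokenPrincipal`, as sketched below. Separately, when several non-derived principals are present, which one ends up in the message seems to depend on result order; the loop in the preceding hunk continues outside the visible lines, so that needs confirming.
```java
protected boolean isSecurityContextPrincipal(Principal p, List<WSSecurityEngineResult> wsResult) {
    if (!(p instanceof WSDerivedKeyTokenPrincipal)) {
        return true;
    }
    // Accept the derived key principal only when no result carries a different kind of principal.
    for (WSSecurityEngineResult result : wsResult) {
        Object other = result.get(WSSecurityEngineResult.TAG_PRINCIPAL);
        if (other instanceof Principal && !(other instanceof WSDerivedKeyTokenPrincipal)) {
            return false;
        }
    }
    return true;
}
```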
Modified:
cxf/branches/2.3.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java?rev=1089530&r1=1089529&r2=1089530&view=diff
==============================================================================
---
cxf/branches/2.3.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
(original)
+++
cxf/branches/2.3.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
Wed Apr 6 16:39:09 2011
@@ -20,6 +20,7 @@ package org.apache.cxf.ws.security.wss4j
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
+import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
@@ -27,6 +28,7 @@ import java.util.List;
import java.util.Map;
import java.util.SortedSet;
import java.util.TreeSet;
+
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -56,8 +58,10 @@ import org.apache.cxf.staxutils.StaxUtil
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
+
import org.junit.Test;
@@ -398,6 +402,18 @@ public class WSS4JInOutTest extends Abst
(java.util.List<Object>) handlerResults.get(0).getResults();
assertNotNull(protectionResults);
assertSame(protectionResults.size(), 2);
+
+ WSSecurityEngineResult wsResult1 =
(WSSecurityEngineResult)protectionResults.get(0);
+ WSSecurityEngineResult wsResult2 =
(WSSecurityEngineResult)protectionResults.get(1);
+
+ final Principal p1 =
(Principal)wsResult1.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+ final Principal p2 =
(Principal)wsResult2.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+ assertTrue(p1 instanceof WSUsernameTokenPrincipal || p2 instanceof
WSUsernameTokenPrincipal);
+
+ Principal utPrincipal = p1 instanceof WSUsernameTokenPrincipal ? p1 :
p2;
+
+ Principal secContextPrincipal =
(Principal)inmsg.get(WSS4JInInterceptor.PRINCIPAL_RESULT);
+ assertSame(secContextPrincipal, utPrincipal);
}
@Test
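Review bot: The added assertions cover only the case where a `WSUsernameTokenPrincipal` is among the two results, so the derived-key branch of `isSecurityContextPrincipal` is not exercised in this hunk. A companion test where the only principal is a derived-key one, with and without principal-less results alongside it, would pin the selection rule the commit introduces. As a style point, JUnit's argument order is (expected, actual), so the last assertion reads better as `assertSame(utPrincipal, secContextPrincipal);`. The test method starts outside the hunk, so its setup is not visible here.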