Author: sergeyb
Date: Tue Jul 17 22:55:30 2012
New Revision: 1362711
URL: http://svn.apache.org/viewvc?rev=1362711&view=rev
Log:
[CXF-4430] Updating the filter to check if the user name is null, optionally
removing the realm when setting up a security context
Modified:
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
Modified:
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java?rev=1362711&r1=1362710&r2=1362711&view=diff
==============================================================================
---
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
(original)
+++
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
Tue Jul 17 22:55:30 2012
@@ -58,6 +58,7 @@ public class KerberosAuthenticationFilte
private String loginContextName;
private String servicePrincipalName;
private String realm;
+ private boolean keepUserPrincipalRealm = true;
public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
@@ -80,8 +81,21 @@ public class KerberosAuthenticationFilte
Subject.doAs(serviceSubject, new
ValidateServiceTicketAction(gssContext, serviceTicket));
- final String clientName = gssContext.getSrcName().toString();
- m.put(SecurityContext.class, new
SimpleSecurityContext(clientName));
+ GSSName srcName = gssContext.getSrcName();
+ if (srcName == null) {
+ throw new WebApplicationException(getFaultResponse());
+ }
+
+ String userName = srcName.toString();
+ if (!keepUserPrincipalRealm) {
+ int index = userName.lastIndexOf('@');
+ if (index > 0) {
+ userName = userName.substring(0, index);
+ //TODO: still provide a complete user name via
KerberosPrincipal
+ }
+ }
+ m.put(SecurityContext.class, new SimpleSecurityContext(userName));
+
} catch (LoginException e) {
throw new WebApplicationException(getFaultResponse());
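Review bot: When `keepUserPrincipalRealm` is false, the realm is cut off at `userName.substring(0, index)` without checking which realm it was. Under cross-realm trust, `alice@REALM.A` and `alice@REALM.B` would both reach `SimpleSecurityContext` as `alice`, so any authorization keyed on that name cannot tell them apart. Nothing visible in this hunk compares the suffix with the filter's `realm` field. Assuming that field holds the expected realm and no check is made elsewhere, strip only on a match, e.g. `if (index > 0 && realm != null && realm.equals(userName.substring(index + 1)))`, and otherwise keep the full principal name or fail the request. The `setKeepUserPrincipalRealm` setter added in the last hunk should also carry a Javadoc line saying that disabling the option is only appropriate when a single realm is accepted; the enclosing try block starts outside this hunk.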
@@ -167,6 +181,11 @@ public class KerberosAuthenticationFilte
this.callbackHandler = callbackHandler;
}
+
+ public void setKeepUserPrincipalRealm(boolean keep) {
+ this.keepUserPrincipalRealm = keep;
+ }
+
private final class ValidateServiceTicketAction implements
PrivilegedExceptionAction<byte[]> {
private final GSSContext context;
private final byte[] token;