Author: sergeyb
Date: Fri Jul 20 22:34:32 2012
New Revision: 1363997
URL: http://svn.apache.org/viewvc?rev=1363997&view=rev
Log:
[CXF-4430] Few last Kerberos updates for now with support for JAAS
Configuration, also reusing NamePasswordCallbackHandler which can handle
servlet-specific password callbacks
Added:
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java
(with props)
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java
(with props)
Modified:
cxf/trunk/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
cxf/trunk/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java
cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml
Modified:
cxf/trunk/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java?rev=1363997&r1=1363996&r2=1363997&view=diff
==============================================================================
---
cxf/trunk/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java
(original)
+++
cxf/trunk/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java
Fri Jul 20 22:34:32 2012
@@ -23,11 +23,11 @@ import java.security.Principal;
import org.apache.cxf.security.SecurityContext;
public class SimpleSecurityContext implements SecurityContext {
- private SimplePrincipal principal;
+ private Principal principal;
public SimpleSecurityContext(String name) {
this(new SimplePrincipal(name));
}
- public SimpleSecurityContext(SimplePrincipal principal) {
+ public SimpleSecurityContext(Principal principal) {
this.principal = principal;
}
Modified:
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java?rev=1363997&r1=1363996&r2=1363997&view=diff
==============================================================================
---
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
(original)
+++
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
Fri Jul 20 22:34:32 2012
@@ -23,6 +23,7 @@ import java.util.Arrays;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.Configuration;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@@ -63,6 +64,10 @@ public class JAASAuthenticationFilter im
interceptor.setContextName(name);
}
+ public void setLoginConfig(Configuration config) {
+ interceptor.setLoginConfig(config);
+ }
+
@Deprecated
public void setRolePrefix(String name) {
interceptor.setRolePrefix(name);
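Review bot: `setLoginConfig` is added without a Javadoc comment, and it is not obvious how it interacts with `setContextName` just above it. A comment along the lines of `/** Sets the JAAS Configuration the login interceptor uses; see setContextName for the entry name looked up in it. */` would tell deployers which login modules end up authenticating requests. The behaviour itself lives in the interceptor, which is not shown here, so the wording should be checked against it.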
Modified:
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java?rev=1363997&r1=1363996&r2=1363997&view=diff
==============================================================================
---
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
(original)
+++
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
Fri Jul 20 22:34:32 2012
@@ -25,6 +25,7 @@ import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.ws.rs.WebApplicationException;
@@ -37,6 +38,7 @@ import org.apache.cxf.common.security.Si
import org.apache.cxf.common.security.SimpleSecurityContext;
import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
@@ -60,7 +62,8 @@ public class KerberosAuthenticationFilte
private MessageContext messageContext;
private CallbackHandler callbackHandler;
- private String loginContextName;
+ private Configuration loginConfig;
+ private String loginContextName = "";
private String servicePrincipalName;
private String realm;
@@ -146,8 +149,15 @@ public class KerberosAuthenticationFilte
// meaning that a process which runs this code has the
// user identity
- LoginContext lc = callbackHandler != null
- ? new LoginContext(loginContextName, callbackHandler) : new
LoginContext(loginContextName);
+ LoginContext lc = null;
+ if (callbackHandler != null || loginConfig != null) {
+ lc = new LoginContext(loginContextName, null, callbackHandler,
loginConfig);
+ } else if (!StringUtils.isEmpty(loginContextName)) {
+ lc = new LoginContext(loginContextName);
+ } else {
+ LOG.fine("LoginContext can not be initialized");
+ throw new LoginException();
+ }
lc.login();
return lc.getSubject();
}
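Review bot: The first branch builds the `LoginContext` even when `loginContextName` is still the new default `""` and only `callbackHandler` is set, so the entry is resolved from the installed default `Configuration`; per the `LoginContext` Javadoc an unknown name falls back to the `other` entry, which means the service could log in through a login-module stack nobody chose for it. I would take that branch only when an explicit config or a non-empty name is present, `if (loginConfig != null || (callbackHandler != null && !StringUtils.isEmpty(loginContextName)))`, and let the remaining cases reach the failure branch. The failure branch is also hard to diagnose, because the reason is logged at FINE and the exception is empty; `throw new LoginException("No JAAS Configuration or login context name is configured");` would help. The same empty-name coercion appears in `AbstractSpnegoAuthSupplier` at `@@ -101,9 +101,13 @@`, where a null `authPolicy.getAuthorization()` becomes `""` while `loginConfig` may be null. The enclosing method starts above this hunk.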
@@ -234,4 +244,7 @@ public class KerberosAuthenticationFilte
return context;
}
}
+
+
+
}
Modified:
cxf/trunk/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java?rev=1363997&r1=1363996&r2=1363997&view=diff
==============================================================================
---
cxf/trunk/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java
(original)
+++
cxf/trunk/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java
Fri Jul 20 22:34:32 2012
@@ -65,6 +65,13 @@ public class MediaTypeHeaderProviderTest
}
@Test
+ public void testShortWildcardWithParameters3() {
+ MediaType m = MediaType.valueOf("*; q=.2");
+ assertEquals("Media type was not parsed correctly",
+ m, new MediaType("*", "*"));
+ }
+
+ @Test
public void testBadType() {
try {
new MediaTypeHeaderProvider().fromString("texthtml");
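Review bot: In `testShortWildcardWithParameters3` the arguments to `assertEquals` are in actual-then-expected order, so a failure message would report the two values swapped; `assertEquals("Media type was not parsed correctly", new MediaType("*", "*"), m);` reads correctly. The test also never looks at the `q=.2` parameter it feeds in, so asserting on `m.getParameters()` would pin down whether the parser keeps or drops it. The hunk ends inside `testBadType`, which continues outside it.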
Modified:
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java?rev=1363997&r1=1363996&r2=1363997&view=diff
==============================================================================
---
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
(original)
+++
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
Fri Jul 20 22:34:32 2012
@@ -25,10 +25,8 @@ import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
@@ -36,6 +34,7 @@ import org.apache.cxf.common.logging.Log
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.ietf.jgss.GSSContext;
@@ -61,6 +60,7 @@ public abstract class AbstractSpnegoAuth
private String servicePrincipalName;
private String realm;
private boolean credDelegation;
+ private Configuration loginConfig;
public String getAuthorization(AuthorizationPolicy authPolicy,
URL currentURL,
@@ -101,9 +101,13 @@ public abstract class AbstractSpnegoAuth
if (authPolicy == null ||
StringUtils.isEmpty(authPolicy.getUserName())) {
return context.initSecContext(token, 0, token.length);
}
-
- LoginContext lc = new LoginContext(authPolicy.getAuthorization(),
getUsernamePasswordHandler(
- authPolicy.getUserName(), authPolicy.getPassword()));
+ String contextName = authPolicy.getAuthorization();
+ if (contextName == null) {
+ contextName = "";
+ }
+ CallbackHandler callbackHandler = getUsernamePasswordHandler(
+ authPolicy.getUserName(), authPolicy.getPassword());
+ LoginContext lc = new LoginContext(contextName, null, callbackHandler,
loginConfig);
lc.login();
try {
@@ -188,26 +192,16 @@ public abstract class AbstractSpnegoAuth
}
}
- public static CallbackHandler getUsernamePasswordHandler(final String
username, final String password) {
- final CallbackHandler handler = new CallbackHandler() {
-
- public void handle(final Callback[] callback) {
- for (int i = 0; i < callback.length; i++) {
- if (callback[i] instanceof NameCallback) {
- final NameCallback nameCallback = (NameCallback)
callback[i];
- nameCallback.setName(username);
- } else if (callback[i] instanceof PasswordCallback) {
- final PasswordCallback passCallback =
(PasswordCallback) callback[i];
- passCallback.setPassword(password.toCharArray());
- }
- }
- }
- };
- return handler;
+ public CallbackHandler getUsernamePasswordHandler(final String username,
final String password) {
+ return new NamePasswordCallbackHandler(username, password);
}
public void setCredDelegation(boolean delegation) {
this.credDelegation = delegation;
}
+ public void setLoginConfig(Configuration config) {
+ this.loginConfig = config;
+ }
+
}
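Review bot: `getUsernamePasswordHandler` loses its `static` modifier here, which breaks any caller outside this class that invoked it as `AbstractSpnegoAuthSupplier.getUsernamePasswordHandler(...)`; nothing in the new body needs instance state, since it only constructs a `NamePasswordCallbackHandler`. If the aim is to let subclasses supply a different handler, say so in a Javadoc comment and consider `protected`; otherwise keep it `static`. The new `setLoginConfig` also deserves a one-line comment such as `/** JAAS Configuration used for the client login instead of the JVM-wide one; may be null. */`.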
Modified:
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java?rev=1363997&r1=1363996&r2=1363997&view=diff
==============================================================================
---
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java
(original)
+++
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java
Fri Jul 20 22:34:32 2012
@@ -19,11 +19,9 @@
package org.apache.cxf.systest.jaxrs.security;
-import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
+import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler;
import org.apache.cxf.jaxrs.JAXRSServerFactoryBean;
import org.apache.cxf.jaxrs.lifecycle.SingletonResourceProvider;
import org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter;
@@ -63,20 +61,6 @@ public class BookKerberosServer extends
}
public static CallbackHandler getCallbackHandler(final String username,
final String password) {
- final CallbackHandler handler = new CallbackHandler() {
-
- public void handle(final Callback[] callback) {
- for (int i = 0; i < callback.length; i++) {
- if (callback[i] instanceof NameCallback) {
- final NameCallback nameCallback = (NameCallback)
callback[i];
- nameCallback.setName(username);
- } else if (callback[i] instanceof PasswordCallback) {
- final PasswordCallback passCallback =
(PasswordCallback) callback[i];
- passCallback.setPassword(password.toCharArray());
- }
- }
- }
- };
- return handler;
+ return new NamePasswordCallbackHandler(username, password);
}
}
Added:
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java?rev=1363997&view=auto
==============================================================================
---
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java
(added)
+++
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java
Fri Jul 20 22:34:32 2012
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security;
+
+import java.util.Collections;
+
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+
+public class BookLoginJaasConfiguration extends Configuration {
+ public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
+ return new AppConfigurationEntry[] {
+ new AppConfigurationEntry(BookLoginModule.class.getName(),
+
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
+ Collections.<String, String>emptyMap())
+ };
+ }
+}
+
+
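Review bot: `getAppConfigurationEntry` ignores its `name` argument and returns the `BookLoginModule` entry for every context name, including the empty name `KerberosAuthenticationFilter` now defaults to. That is convenient for this system test, but a `Configuration` written this way means any `LoginContext` name authenticates against the same module, so it should carry a comment such as `// test fixture: answers every context name with BookLoginModule` and an `@Override` on the method. A production implementation would return `null` for names it does not own.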
Propchange:
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java?rev=1363997&view=auto
==============================================================================
---
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java
(added)
+++
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java
Fri Jul 20 22:34:32 2012
@@ -0,0 +1,77 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security;
+
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.jaxrs.client.WebClient;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class JAXRSJaasConfigurationSecurityTest extends
AbstractSpringSecurityTest {
+ public static final int PORT = BookServerJaasSecurity.PORT;
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerJaasSecurity.class,
+ true));
+ }
+
+ @Test
+ public void testJaasInterceptorAuthenticationFailure() throws Exception {
+ String endpointAddress =
+ "http://localhost:" + PORT +
"/service/jaasConfig/bookstorestorage/thosebooks/123";
+ getBook(endpointAddress, "foo", "bar1", 401);
+ }
+
+ @Test
+ public void testGetBookUserAdminJaasInterceptor() throws Exception {
+ String endpointAddress =
+ "http://localhost:" + PORT +
"/service/jaasConfig/bookstorestorage/thosebooks/123";
+ getBook(endpointAddress, "foo", "bar", 403);
+ getBook(endpointAddress, "bob", "bobspassword", 200);
+ }
+
+ @Test
+ public void testJaasFilterAuthenticationFailure() throws Exception {
+ String endpointAddress =
+ "http://localhost:" + PORT +
"/service/jaasConfigFilter/bookstorestorage/thosebooks/123";
+ WebClient wc = WebClient.create(endpointAddress);
+ wc.accept("text/xml");
+ wc.header(HttpHeaders.AUTHORIZATION,
+ "Basic " + base64Encode("foo" + ":" + "bar1"));
+ Response r = wc.get();
+ assertEquals(401, r.getStatus());
+ Object wwwAuthHeader =
r.getMetadata().getFirst(HttpHeaders.WWW_AUTHENTICATE);
+ assertNotNull(wwwAuthHeader);
+ assertEquals("Basic", wwwAuthHeader.toString());
+ }
+
+ @Test
+ public void testGetBookUserAdminJaasFilter() throws Exception {
+ String endpointAddress =
+ "http://localhost:" + PORT +
"/service/jaasConfigFilter/bookstorestorage/thosebooks/123";
+ getBook(endpointAddress, "foo", "bar", 403);
+ getBook(endpointAddress, "bob", "bobspassword", 200);
+ }
+}
Propchange:
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified:
cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml?rev=1363997&r1=1363996&r2=1363997&view=diff
==============================================================================
---
cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml
(original)
+++
cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml
Fri Jul 20 22:34:32 2012
@@ -58,11 +58,43 @@ http://cxf.apache.org/schemas/jaxrs.xsd"
</jaxrs:providers>
</jaxrs:server>
+ <jaxrs:server address="/jaasConfig">
+ <jaxrs:serviceBeans>
+ <bean
class="org.apache.cxf.systest.jaxrs.security.SecureBookStoreNoAnnotations"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:inInterceptors>
+ <ref bean="authenticationInterceptorWithConfig"/>
+ <ref bean="authorizationInterceptor"/>
+ </jaxrs:inInterceptors>
+
+ <jaxrs:outFaultInterceptors>
+ <bean
class="org.apache.cxf.systest.jaxrs.security.SecurityOutFaultInterceptor"/>
+ </jaxrs:outFaultInterceptors>
+
+ </jaxrs:server>
+
+ <jaxrs:server address="/jaasConfigFilter">
+ <jaxrs:serviceBeans>
+ <bean
class="org.apache.cxf.systest.jaxrs.security.SecureBookStoreNoAnnotations"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="authenticationFilterConfig"/>
+ <ref bean="authorizationFilter"/>
+ </jaxrs:providers>
+ </jaxrs:server>
+
+
<bean id="authenticationInterceptor"
class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
<property name="contextName" value="BookLogin"/>
<property name="rolePrefix" value="ROLE_"/>
</bean>
+ <bean id="bookLoginConfig"
class="org.apache.cxf.systest.jaxrs.security.BookLoginJaasConfiguration"/>
+ <bean id="authenticationInterceptorWithConfig"
class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
+ <property name="loginConfig" ref="bookLoginConfig"/>
+ <property name="rolePrefix" value="ROLE_"/>
+ </bean>
+
<bean id="authorizationInterceptor"
class="org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor">
<property name="methodRolesMap" ref="rolesMap"/>
</bean>
@@ -74,6 +106,11 @@ http://cxf.apache.org/schemas/jaxrs.xsd"
<property name="redirectURI" value="/login.jsp"/>
</bean>
+ <bean id="authenticationFilterConfig"
class="org.apache.cxf.systest.jaxrs.security.JettyJAASFilter">
+ <property name="loginConfig" ref="bookLoginConfig"/>
+ <property name="rolePrefix" value="ROLE_"/>
+ </bean>
+
<bean id="authorizationFilter"
class="org.apache.cxf.jaxrs.security.SimpleAuthorizingFilter">
<property name="interceptor" ref="authorizationInterceptor"/>
</bean>