Author: sergeyb
Date: Sun Jul 22 21:51:48 2012
New Revision: 1364441
URL: http://svn.apache.org/viewvc?rev=1364441&view=rev
Log:
Merged revisions 1363997,1364007,1364437 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1363997 | sergeyb | 2012-07-20 23:34:32 +0100 (Fri, 20 Jul 2012) | 1 line
[CXF-4430] Few last Kerberos updates for now with support for JAAS
Configuration, also reusing NamespacePasswordCallbackHandler which can handle
servlet specific password callbacks
........
r1364007 | sergeyb | 2012-07-20 23:49:30 +0100 (Fri, 20 Jul 2012) | 1 line
forgetting to commit one more update
........
r1364437 | sergeyb | 2012-07-22 22:42:11 +0100 (Sun, 22 Jul 2012) | 1 line
Minor to updates for Kerberos filters to work with keytabs
........
Added:
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java
- copied unchanged from r1364437,
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookLoginJaasConfiguration.java
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java
- copied unchanged from r1364437,
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSJaasConfigurationSecurityTest.java
Modified:
cxf/branches/2.6.x-fixes/ (props changed)
cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java
cxf/branches/2.6.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java
cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSKerberosBookTest.java
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/kerberos.cfg
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml
Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
svn:mergeinfo = /cxf/trunk:1363997-1364437
Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified:
cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java
(original)
+++
cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/common/security/SimpleSecurityContext.java
Sun Jul 22 21:51:48 2012
@@ -23,11 +23,11 @@ import java.security.Principal;
import org.apache.cxf.security.SecurityContext;
public class SimpleSecurityContext implements SecurityContext {
- private SimplePrincipal principal;
+ private Principal principal;
public SimpleSecurityContext(String name) {
this(new SimplePrincipal(name));
}
- public SimpleSecurityContext(SimplePrincipal principal) {
+ public SimpleSecurityContext(Principal principal) {
this.principal = principal;
}
Modified:
cxf/branches/2.6.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
Sun Jul 22 21:51:48 2012
@@ -23,6 +23,7 @@ import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
@@ -45,11 +46,13 @@ public class JAASLoginInterceptor extend
private static final ResourceBundle BUNDLE =
BundleUtils.getBundle(JAASLoginInterceptor.class);
private static final Logger LOG =
LogUtils.getL7dLogger(JAASLoginInterceptor.class);
- private String contextName;
+ private String contextName = "";
+ private Configuration loginConfig;
private String roleClassifier;
private String roleClassifierType = ROLE_CLASSIFIER_PREFIX;
private boolean reportFault;
+
public JAASLoginInterceptor() {
super(Phase.UNMARSHAL);
}
@@ -128,8 +131,11 @@ public class JAASLoginInterceptor extend
}
try {
+
+
CallbackHandler handler = getCallbackHandler(name, password);
- LoginContext ctx = new LoginContext(getContextName(), handler);
+ LoginContext ctx = new LoginContext(getContextName(), null,
handler, loginConfig);
+
ctx.login();
Subject subject = ctx.getSubject();
@@ -158,6 +164,14 @@ public class JAASLoginInterceptor extend
return new DefaultSecurityContext(subject);
}
}
+
+ public Configuration getLoginConfig() {
+ return loginConfig;
+ }
+
+ public void setLoginConfig(Configuration loginConfig) {
+ this.loginConfig = loginConfig;
+ }
}
Modified:
cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
Sun Jul 22 21:51:48 2012
@@ -23,6 +23,7 @@ import java.util.Arrays;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.Configuration;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@@ -63,6 +64,10 @@ public class JAASAuthenticationFilter im
interceptor.setContextName(name);
}
+ public void setLoginConfig(Configuration config) {
+ interceptor.setLoginConfig(config);
+ }
+
@Deprecated
public void setRolePrefix(String name) {
interceptor.setRolePrefix(name);
Modified:
cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
Sun Jul 22 21:51:48 2012
@@ -25,6 +25,7 @@ import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.ws.rs.WebApplicationException;
@@ -37,6 +38,7 @@ import org.apache.cxf.common.security.Si
import org.apache.cxf.common.security.SimpleSecurityContext;
import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
@@ -60,7 +62,8 @@ public class KerberosAuthenticationFilte
private MessageContext messageContext;
private CallbackHandler callbackHandler;
- private String loginContextName;
+ private Configuration loginConfig;
+ private String loginContextName = "";
private String servicePrincipalName;
private String realm;
@@ -141,13 +144,17 @@ public class KerberosAuthenticationFilte
// The login without a callback can work if
// - Kerberos keytabs are used with a principal name set in the JAAS
config
- // - TGT cache is available and either a principalName is set in the
JAAS config
- // or Kerberos is integrated into the OS logon process
+ // - Kerberos is integrated into the OS logon process
// meaning that a process which runs this code has the
// user identity
- LoginContext lc = callbackHandler != null
- ? new LoginContext(loginContextName, callbackHandler) : new
LoginContext(loginContextName);
+ LoginContext lc = null;
+ if (!StringUtils.isEmpty(loginContextName) || loginConfig != null) {
+ lc = new LoginContext(loginContextName, null, callbackHandler,
loginConfig);
+ } else {
+ LOG.fine("LoginContext can not be initialized");
+ throw new LoginException();
+ }
lc.login();
return lc.getSubject();
}
@@ -234,4 +241,7 @@ public class KerberosAuthenticationFilte
return context;
}
}
+
+
+
}
Modified:
cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProviderTest.java
Sun Jul 22 21:51:48 2012
@@ -65,6 +65,13 @@ public class MediaTypeHeaderProviderTest
}
@Test
+ public void testShortWildcardWithParameters3() {
+ MediaType m = MediaType.valueOf("*; q=.2");
+ assertEquals("Media type was not parsed correctly",
+ m, new MediaType("*", "*"));
+ }
+
+ @Test
public void testBadType() {
try {
new MediaTypeHeaderProvider().fromString("texthtml");
Modified:
cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
Sun Jul 22 21:51:48 2012
@@ -25,10 +25,8 @@ import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
@@ -36,6 +34,7 @@ import org.apache.cxf.common.logging.Log
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.ietf.jgss.GSSContext;
@@ -61,6 +60,7 @@ public abstract class AbstractSpnegoAuth
private String servicePrincipalName;
private String realm;
private boolean credDelegation;
+ private Configuration loginConfig;
public String getAuthorization(AuthorizationPolicy authPolicy,
URL currentURL,
@@ -96,14 +96,23 @@ public abstract class AbstractSpnegoAuth
private byte[] getToken(AuthorizationPolicy authPolicy,
final GSSContext context) throws GSSException,
LoginException {
+
+ String contextName = authPolicy.getAuthorization();
+ if (contextName == null) {
+ contextName = "";
+ }
+
final byte[] token = new byte[0];
- if (authPolicy == null ||
StringUtils.isEmpty(authPolicy.getUserName())) {
+ if (authPolicy == null
+ || (StringUtils.isEmpty(authPolicy.getUserName())
+ && StringUtils.isEmpty(contextName) && loginConfig == null)) {
return context.initSecContext(token, 0, token.length);
}
-
- LoginContext lc = new LoginContext(authPolicy.getAuthorization(),
getUsernamePasswordHandler(
- authPolicy.getUserName(), authPolicy.getPassword()));
+
+ CallbackHandler callbackHandler = getUsernamePasswordHandler(
+ authPolicy.getUserName(), authPolicy.getPassword());
+ LoginContext lc = new LoginContext(contextName, null, callbackHandler,
loginConfig);
lc.login();
try {
@@ -188,26 +197,20 @@ public abstract class AbstractSpnegoAuth
}
}
- public static CallbackHandler getUsernamePasswordHandler(final String
username, final String password) {
- final CallbackHandler handler = new CallbackHandler() {
-
- public void handle(final Callback[] callback) {
- for (int i = 0; i < callback.length; i++) {
- if (callback[i] instanceof NameCallback) {
- final NameCallback nameCallback = (NameCallback)
callback[i];
- nameCallback.setName(username);
- } else if (callback[i] instanceof PasswordCallback) {
- final PasswordCallback passCallback =
(PasswordCallback) callback[i];
- passCallback.setPassword(password.toCharArray());
- }
- }
- }
- };
- return handler;
+ public CallbackHandler getUsernamePasswordHandler(final String username,
final String password) {
+ if (StringUtils.isEmpty(username)) {
+ return null;
+ } else {
+ return new NamePasswordCallbackHandler(username, password);
+ }
}
public void setCredDelegation(boolean delegation) {
this.credDelegation = delegation;
}
+ public void setLoginConfig(Configuration config) {
+ this.loginConfig = config;
+ }
+
}
Modified:
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java
(original)
+++
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/BookKerberosServer.java
Sun Jul 22 21:51:48 2012
@@ -19,11 +19,9 @@
package org.apache.cxf.systest.jaxrs.security;
-import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
+import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler;
import org.apache.cxf.jaxrs.JAXRSServerFactoryBean;
import org.apache.cxf.jaxrs.lifecycle.SingletonResourceProvider;
import org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter;
@@ -44,6 +42,8 @@ public class BookKerberosServer extends
KerberosAuthenticationFilter filter = new
KerberosAuthenticationFilter();
filter.setLoginContextName("KerberosServer");
filter.setCallbackHandler(getCallbackHandler("HTTP/localhost",
"http"));
+ //filter.setLoginContextName("KerberosServerKeyTab");
+ //filter.setServicePrincipalName("HTTP/ktab");
sf.setProvider(filter);
sf.setAddress("http://localhost:"; + PORT + "/");
@@ -63,20 +63,6 @@ public class BookKerberosServer extends
}
public static CallbackHandler getCallbackHandler(final String username,
final String password) {
- final CallbackHandler handler = new CallbackHandler() {
-
- public void handle(final Callback[] callback) {
- for (int i = 0; i < callback.length; i++) {
- if (callback[i] instanceof NameCallback) {
- final NameCallback nameCallback = (NameCallback)
callback[i];
- nameCallback.setName(username);
- } else if (callback[i] instanceof PasswordCallback) {
- final PasswordCallback passCallback =
(PasswordCallback) callback[i];
- passCallback.setPassword(password.toCharArray());
- }
- }
- }
- };
- return handler;
+ return new NamePasswordCallbackHandler(username, password);
}
}
Modified:
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSKerberosBookTest.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSKerberosBookTest.java?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSKerberosBookTest.java
(original)
+++
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSKerberosBookTest.java
Sun Jul 22 21:51:48 2012
@@ -90,4 +90,48 @@ public class JAXRSKerberosBookTest exten
Book b = wc.get(Book.class);
assertEquals(b.getId(), 123);
}
+
+ @Test
+ @Ignore
+ public void testGetBookWithInterceptorAndKeyTab() throws Exception {
+ WebClient wc = WebClient.create("http://localhost:"; + PORT +
"/bookstore/books/123");
+
+ KerberosAuthOutInterceptor kbInterceptor = new
KerberosAuthOutInterceptor();
+
+ AuthorizationPolicy policy = new AuthorizationPolicy();
+ policy.setAuthorizationType(HttpAuthHeader.AUTH_TYPE_NEGOTIATE);
+ policy.setAuthorization("KerberosClientKeyTab");
+
+ kbInterceptor.setPolicy(policy);
+ kbInterceptor.setCredDelegation(true);
+
+ WebClient.getConfig(wc).getOutInterceptors().add(new
LoggingOutInterceptor());
+ WebClient.getConfig(wc).getOutInterceptors().add(kbInterceptor);
+
+ Book b = wc.get(Book.class);
+ assertEquals(b.getId(), 123);
+ }
+
+ @Test
+ @Ignore
+ public void testGetBookWithInterceptorServiceKeyTab() throws Exception {
+ WebClient wc = WebClient.create("http://localhost:"; + PORT +
"/bookstore/books/123");
+
+ KerberosAuthOutInterceptor kbInterceptor = new
KerberosAuthOutInterceptor();
+
+ AuthorizationPolicy policy = new AuthorizationPolicy();
+ policy.setAuthorizationType(HttpAuthHeader.AUTH_TYPE_NEGOTIATE);
+ policy.setAuthorization("KerberosClient");
+ policy.setUserName("alice");
+ policy.setPassword("alice");
+
+ kbInterceptor.setPolicy(policy);
+ kbInterceptor.setServicePrincipalName("HTTP/ktab");
+
+ WebClient.getConfig(wc).getOutInterceptors().add(new
LoggingOutInterceptor());
+ WebClient.getConfig(wc).getOutInterceptors().add(kbInterceptor);
+
+ Book b = wc.get(Book.class);
+ assertEquals(b.getId(), 123);
+ }
}
Modified:
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/kerberos.cfg
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/kerberos.cfg?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/kerberos.cfg
(original)
+++
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/kerberos.cfg
Sun Jul 22 21:51:48 2012
@@ -1,6 +1,22 @@
KerberosClient {
com.sun.security.auth.module.Krb5LoginModule required client=TRUE;
};
+KerberosClientKeyTab {
+ com.sun.security.auth.module.Krb5LoginModule required
+ client=TRUE
+ refreshKrb5Config=true
+ useKeyTab=true
+ keyTab="/etc/bob.keytab"
+ principal="bob";
+};
KerberosServer {
com.sun.security.auth.module.Krb5LoginModule required storeKey=true;
};
+KerberosServerKeyTab {
+ com.sun.security.auth.module.Krb5LoginModule required
+ storeKey=true
+ refreshKrb5Config=true
+ useKeyTab=true
+ keyTab="/etc/http.keytab"
+ principal="HTTP/ktab";
+};
Modified:
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml?rev=1364441&r1=1364440&r2=1364441&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml
(original)
+++
cxf/branches/2.6.x-fixes/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml
Sun Jul 22 21:51:48 2012
@@ -58,11 +58,43 @@ http://cxf.apache.org/schemas/jaxrs.xsd";
</jaxrs:providers>
</jaxrs:server>
+ <jaxrs:server address="/jaasConfig">
+ <jaxrs:serviceBeans>
+ <bean
class="org.apache.cxf.systest.jaxrs.security.SecureBookStoreNoAnnotations"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:inInterceptors>
+ <ref bean="authenticationInterceptorWithConfig"/>
+ <ref bean="authorizationInterceptor"/>
+ </jaxrs:inInterceptors>
+
+ <jaxrs:outFaultInterceptors>
+ <bean
class="org.apache.cxf.systest.jaxrs.security.SecurityOutFaultInterceptor"/>
+ </jaxrs:outFaultInterceptors>
+
+ </jaxrs:server>
+
+ <jaxrs:server address="/jaasConfigFilter">
+ <jaxrs:serviceBeans>
+ <bean
class="org.apache.cxf.systest.jaxrs.security.SecureBookStoreNoAnnotations"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="authenticationFilterConfig"/>
+ <ref bean="authorizationFilter"/>
+ </jaxrs:providers>
+ </jaxrs:server>
+
+
<bean id="authenticationInterceptor"
class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
<property name="contextName" value="BookLogin"/>
<property name="rolePrefix" value="ROLE_"/>
</bean>
+ <bean id="bookLoginConfig"
class="org.apache.cxf.systest.jaxrs.security.BookLoginJaasConfiguration"/>
+ <bean id="authenticationInterceptorWithConfig"
class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
+ <property name="loginConfig" ref="bookLoginConfig"/>
+ <property name="rolePrefix" value="ROLE_"/>
+ </bean>
+
<bean id="authorizationInterceptor"
class="org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor">
<property name="methodRolesMap" ref="rolesMap"/>
</bean>
@@ -74,6 +106,11 @@ http://cxf.apache.org/schemas/jaxrs.xsd";
<property name="redirectURI" value="/login.jsp"/>
</bean>
+ <bean id="authenticationFilterConfig"
class="org.apache.cxf.systest.jaxrs.security.JettyJAASFilter">
+ <property name="loginConfig" ref="bookLoginConfig"/>
+ <property name="rolePrefix" value="ROLE_"/>
+ </bean>
+
<bean id="authorizationFilter"
class="org.apache.cxf.jaxrs.security.SimpleAuthorizingFilter">
<property name="interceptor" ref="authorizationInterceptor"/>
</bean>
