Repository: cxf Updated Branches: refs/heads/master 741754e03 -> 9251e70e5
[CXF-5603] - The DefaultSecurityContext should use a supplied username to help find the User Principal Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9251e70e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9251e70e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9251e70e Branch: refs/heads/master Commit: 9251e70e5d449caf0c014f41ec98d019f0bafd2a Parents: 741754e Author: Colm O hEigeartaigh <[email protected]> Authored: Tue Mar 11 15:39:00 2014 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Tue Mar 11 15:39:00 2014 +0000
----------------------------------------------------------------------
 .../security/DefaultSecurityContext.java | 26 +++++++++++++++++---
 .../security/JAASLoginInterceptor.java | 6 ++---
 2 files changed, 25 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/9251e70e/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java b/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
index b0f6138..11934c4 100644
--- a/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
+++ b/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
@@ -41,7 +41,12 @@ public class DefaultSecurityContext implements LoginSecurityContext {
 private Subject subject;
 public DefaultSecurityContext(Subject subject) {
- this.p = findPrincipal(subject);
+ this.p = findPrincipal(null, subject);
+ this.subject = subject;
+ }
+
+ public DefaultSecurityContext(String principalName, Subject subject) {
+ this.p = findPrincipal(principalName, subject);
 this.subject = subject;
 }
@@ -49,18 +54,31 @@ public class DefaultSecurityContext implements LoginSecurityContext {
 this.p = p;
 this.subject = subject;
 if (p == null) {
- this.p = findPrincipal(subject);
+ this.p = findPrincipal(null, subject);
 }
 }
- private static Principal findPrincipal(Subject subject) {
- if (subject != null) {
+ private static Principal findPrincipal(String principalName, Subject subject) {
+ if (subject == null) {
+ return null;
+ }
+
+ for (Principal principal : subject.getPrincipals()) {
+ if (!(principal instanceof Group) && (principalName == null
+ || (principalName != null && principalName.equals(principal.getName())))) {
+ return principal;
+ }
+ }
+
+ // No match for the principalName. Just return first non-Group Principal
+ if (principalName != null) {
 for (Principal principal : subject.getPrincipals()) {
 if (!(principal instanceof Group)) {
 return principal;
 }
 }
 }
+
 return null;
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/9251e70e/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java b/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
index 43d5f5e..928bc38 100644
--- a/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
+++ b/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
@@ -138,7 +138,7 @@ public class JAASLoginInterceptor extends AbstractPhaseInterceptor<Message> {
 Subject subject = ctx.getSubject();
- message.put(SecurityContext.class, createSecurityContext(subject));
+ message.put(SecurityContext.class, createSecurityContext(name, subject));
 } catch (LoginException ex) {
 String errorMessage = "Unauthorized : " + ex.getMessage();
 LOG.fine(errorMessage);
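Review bot: In `findPrincipal` (DefaultSecurityContext.java), when `principalName` is supplied but no non-Group principal carries that name, the second loop silently returns the first non-Group principal, so the principal this context exposes can have a name that differs from the username that was authenticated. Callers that key authorization decisions or audit records on the principal name should not assume the two match; the fallback comment and Javadoc on the new `DefaultSecurityContext(String, Subject)` constructor should say so, and a fine-level log entry on the fallback path would make a mismatch visible (for example when a login module normalises the username, since the comparison is an exact `equals`). The match condition also carries a redundant null test and can end with `|| principalName.equals(principal.getName()))) {`.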
@@ -154,12 +154,12 @@ public class JAASLoginInterceptor extends AbstractPhaseInterceptor<Message> {
 return new NamePasswordCallbackHandler(name, password);
 }
- protected SecurityContext createSecurityContext(Subject subject) {
+ protected SecurityContext createSecurityContext(String name, Subject subject) {
 if (getRoleClassifier() != null) {
 return new RolePrefixSecurityContextImpl(subject, getRoleClassifier(), getRoleClassifierType());
 } else {
- return new DefaultSecurityContext(subject);
+ return new DefaultSecurityContext(name, subject);
 }
 }
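Review bot: Changing the protected `createSecurityContext(Subject)` to `createSecurityContext(String, Subject)` means a subclass that still overrides the old signature compiles (unless it is annotated `@Override`) but is no longer called from the login path, so a customised security context would silently be replaced by the default one. Keeping the old overload as a deprecated method, or calling the change out in Javadoc and the migration notes, would make that visible to extenders. Separately, `name` is ignored in the `getRoleClassifier() != null` branch: `RolePrefixSecurityContextImpl` is still built from `subject` alone, so the username hint only takes effect in the `else` branch. If that class picks its user principal the same way (its code is not in this diff), it likely needs the same parameter.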
