[CXF-5603] - The DefaultSecurityContext should use a supplied username to help
find the User Principal
Conflicts:
core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7f5e4d8a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7f5e4d8a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7f5e4d8a
Branch: refs/heads/2.7.x-fixes
Commit: 7f5e4d8af8a0a42c6f244e6f97268c5bb092d6ac
Parents: e0ef007
Author: Colm O hEigeartaigh <[email protected]>
Authored: Tue Mar 11 15:39:00 2014 +0000
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Tue Mar 11 16:39:33 2014 +0000
----------------------------------------------------------------------
.../security/DefaultSecurityContext.java | 26 +++++++++++++++++---
.../security/JAASLoginInterceptor.java | 17 ++++++++++++-
2 files changed, 38 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/7f5e4d8a/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
----------------------------------------------------------------------
diff --git
a/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
b/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
index b0f6138..11934c4 100644
---
a/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
+++
b/rt/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
@@ -41,7 +41,12 @@ public class DefaultSecurityContext implements
LoginSecurityContext {
private Subject subject;
public DefaultSecurityContext(Subject subject) {
- this.p = findPrincipal(subject);
+ this.p = findPrincipal(null, subject);
+ this.subject = subject;
+ }
+
+ public DefaultSecurityContext(String principalName, Subject subject) {
+ this.p = findPrincipal(principalName, subject);
this.subject = subject;
}
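Review bot: The new public constructor `DefaultSecurityContext(String principalName, Subject subject)` carries no Javadoc, and its contract is not obvious from the signature: the name is only a preference, because `findPrincipal` (later in this diff) falls back to the first non-Group principal when nothing in the Subject matches, so a caller passing a wrong or stale name gets a different principal rather than a null or an error. I would add a Javadoc such as `/** Creates a context whose principal is the non-Group principal of {@code subject} named {@code principalName}; when {@code principalName} is null or matches nothing, the first non-Group principal is used. */` together with `@param principalName` noting that it may be null and that the comparison is an exact, case-sensitive `String.equals`. The single-argument constructor above it should state that it is equivalent to passing a null name.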
@@ -49,18 +54,31 @@ public class DefaultSecurityContext implements
LoginSecurityContext {
this.p = p;
this.subject = subject;
if (p == null) {
- this.p = findPrincipal(subject);
+ this.p = findPrincipal(null, subject);
}
}
- private static Principal findPrincipal(Subject subject) {
- if (subject != null) {
+ private static Principal findPrincipal(String principalName, Subject
subject) {
+ if (subject == null) {
+ return null;
+ }
+
+ for (Principal principal : subject.getPrincipals()) {
+ if (!(principal instanceof Group) && (principalName == null
+ || (principalName != null &&
principalName.equals(principal.getName())))) {
+ return principal;
+ }
+ }
+
+ // No match for the principalName. Just return first non-Group
Principal
+ if (principalName != null) {
for (Principal principal : subject.getPrincipals()) {
if (!(principal instanceof Group)) {
return principal;
}
}
}
+
return null;
}
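Review bot: The `principalName != null &&` inside the first loop's condition is redundant once `principalName == null` has already been tested on the left of the `||`, and the second loop re-walks `subject.getPrincipals()` only to find the first non-Group principal that the first loop already saw; both can be folded into one pass that remembers that principal as the fallback. The fallback itself is a security-relevant detail worth a Javadoc sentence on the method: a supplied name that matches no principal does not fail, it silently selects whichever non-Group principal the Subject's set yields first, so the name narrows the choice but never enforces it. Iteration order of `Subject.getPrincipals()` is not specified either, which the comment should mention since the fallback depends on it.
```java
    private static Principal findPrincipal(String principalName, Subject subject) {
        if (subject == null) {
            return null;
        }
        // First non-Group principal seen, used only if no name match is found
        Principal fallback = null;
        for (Principal principal : subject.getPrincipals()) {
            if (principal instanceof Group) {
                continue;
            }
            if (principalName == null || principalName.equals(principal.getName())) {
                return principal;
            }
            if (fallback == null) {
                fallback = principal;
            }
        }
        // No principal named principalName: fall back to the first non-Group one
        return fallback;
    }
```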
http://git-wip-us.apache.org/repos/asf/cxf/blob/7f5e4d8a/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
----------------------------------------------------------------------
diff --git
a/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
b/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
index b86d6f8..07b10d5 100644
---
a/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
+++
b/rt/core/src/main/java/org/apache/cxf/interceptor/security/JAASLoginInterceptor.java
@@ -37,6 +37,7 @@ import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
+import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.security.SecurityContext;
public class JAASLoginInterceptor extends AbstractPhaseInterceptor<Message> {
@@ -161,7 +162,21 @@ public class JAASLoginInterceptor extends
AbstractPhaseInterceptor<Message> {
return new RolePrefixSecurityContextImpl(subject,
getRoleClassifier(),
getRoleClassifierType());
} else {
- return new DefaultSecurityContext(subject);
+ // Get username - this is a bit unwieldy but necessary to preserve
the message signature
+ Message message = PhaseInterceptorChain.getCurrentMessage();
+ AuthorizationPolicy policy =
message.get(AuthorizationPolicy.class);
+ String name = null;
+ if (policy != null) {
+ name = policy.getUserName();
+ } else {
+ // try the UsernameToken
+ SecurityToken token = message.get(SecurityToken.class);
+ if (token != null && token.getTokenType() ==
TokenType.UsernameToken) {
+ UsernameToken ut = (UsernameToken)token;
+ name = ut.getName();
+ }
+ }
+ return new DefaultSecurityContext(name, subject);
}
}
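Review bot: `PhaseInterceptorChain.getCurrentMessage()` can return null when this method is invoked outside a running interceptor chain (for instance from a subclass or a unit test that builds the context from a Subject directly), and the unconditional `message.get(AuthorizationPolicy.class)` on the next line would then throw a NullPointerException instead of producing the Subject-only context the old code returned; guard it with `if (message == null) { return new DefaultSecurityContext(subject); }` right after the lookup. It would also help to comment that the name read from `AuthorizationPolicy` or the `UsernameToken` is the client-supplied username, used only to pick which principal of the already-authenticated Subject is exposed, and that per `DefaultSecurityContext.findPrincipal` a non-matching name falls back to the first non-Group principal rather than failing, e.g. `// Client-supplied name: only selects the principal, authentication has already happened`. The branch prefers the `AuthorizationPolicy` over the `UsernameToken` when both are present, which is presumably intended but undocumented. The enclosing method starts before this hunk, and the imports for `AuthorizationPolicy`, `SecurityToken`, `TokenType` and `UsernameToken` are not visible here, so I assume they already exist in the file.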