This is an automated email from the ASF dual-hosted git repository.
ffang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new d89aa0b [CXF-7815] follow up refector
new e5c6c93 Merge branch 'master' of github.com:apache/cxf
d89aa0b is described below
commit d89aa0baafba3d0433be054d45606e223479b620
Author: Freeman Fang <[email protected]>
AuthorDate: Thu Nov 8 10:03:08 2018 +0800
[CXF-7815] follow up refector
---
.../AbstractSecurityContextInInterceptor.java | 5 +---
.../security/DefaultSecurityContext.java | 29 +++++++++++-----------
2 files changed, 16 insertions(+), 18 deletions(-)
diff --git
a/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java
b/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java
index 3d32f06..8d71bda 100644
---
a/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java
+++
b/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java
@@ -24,7 +24,6 @@ import java.util.logging.Logger;
import javax.security.auth.Subject;
import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.security.GroupPrincipal;
import org.apache.cxf.common.security.SecurityToken;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
@@ -71,9 +70,7 @@ public abstract class AbstractSecurityContextInInterceptor
extends AbstractPhase
protected Principal getPrincipal(Principal originalPrincipal, Subject
subject) {
Principal[] ps = subject.getPrincipals().toArray(new
Principal[subject.getPrincipals().size()]);
if (ps != null && ps.length > 0
- && !(ps[0] instanceof GroupPrincipal
- || DefaultSecurityContext.instanceOf(ps[0],
"java.security.acl.Group")
- || DefaultSecurityContext.instanceOf(ps[0],
"org.apache.karaf.jaas.boot.principal.Group"))) {
+ && !DefaultSecurityContext.isGroupPrincipal(ps[0])) {
return ps[0];
}
return originalPrincipal;
diff --git
a/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
b/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
index f080511..71a212f 100644
---
a/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
+++
b/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
@@ -65,9 +65,7 @@ public class DefaultSecurityContext implements
LoginSecurityContext {
}
for (Principal principal : subject.getPrincipals()) {
- if (!(principal instanceof GroupPrincipal
- || instanceOf(principal, "java.security.acl.Group")
- || instanceOf(principal,
"org.apache.karaf.jaas.boot.principal.Group"))
+ if (!isGroupPrincipal(principal)
&& (principalName == null ||
principal.getName().equals(principalName))) {
return principal;
}
@@ -76,9 +74,7 @@ public class DefaultSecurityContext implements
LoginSecurityContext {
// No match for the principalName. Just return first non-Group
Principal
if (principalName != null) {
for (Principal principal : subject.getPrincipals()) {
- if (!(principal instanceof GroupPrincipal
- || instanceOf(principal, "java.security.acl.Group")
- || instanceOf(principal,
"org.apache.karaf.jaas.boot.principal.Group"))) {
+ if (!isGroupPrincipal(principal)) {
return principal;
}
}
@@ -94,9 +90,7 @@ public class DefaultSecurityContext implements
LoginSecurityContext {
public boolean isUserInRole(String role) {
if (subject != null) {
for (Principal principal : subject.getPrincipals()) {
- if ((principal instanceof GroupPrincipal
- || instanceOf(principal, "java.security.acl.Group")
- || instanceOf(principal,
"org.apache.karaf.jaas.boot.principal.Group"))
+ if (isGroupPrincipal(principal)
&& checkGroup((Principal)principal, role)) {
return true;
} else if (p != principal
@@ -108,6 +102,7 @@ public class DefaultSecurityContext implements
LoginSecurityContext {
return false;
}
+
protected boolean checkGroup(Principal principal, String role) {
if (principal.getName().equals(role)) {
return true;
@@ -126,9 +121,7 @@ public class DefaultSecurityContext implements
LoginSecurityContext {
// this might be a plain role but could represent a group
consisting of other groups/roles
Principal member = members.nextElement();
if (member.getName().equals(role)
- || (member instanceof GroupPrincipal
- || instanceOf(member, "java.security.acl.Group")
- || instanceOf(member,
"org.apache.karaf.jaas.boot.principal.Group"))
+ || isGroupPrincipal(member)
&& checkGroup((GroupPrincipal)member, role)) {
return true;
}
@@ -153,11 +146,19 @@ public class DefaultSecurityContext implements
LoginSecurityContext {
return roles;
}
- public static boolean instanceOf(Object obj, String className) {
+
+ private static boolean instanceOf(Object obj, String className) {
try {
return Class.forName(className).isInstance(obj);
} catch (ClassNotFoundException ex) {
return false;
}
- }
+ }
+
+ public static boolean isGroupPrincipal(Principal principal) {
+ return principal instanceof GroupPrincipal
+ || instanceOf(principal, "java.security.acl.Group")
+ || instanceOf(principal,
"org.apache.karaf.jaas.boot.principal.Group");
+ }
+
}
