[
https://issues.apache.org/jira/browse/CXF-3521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13041586#comment-13041586
]
Colm O hEigeartaigh commented on CXF-3521:
------------------------------------------
This has been fixed by WSS-290:
https://issues.apache.org/jira/browse/WSS-290
Please see the JIRA description above for more information. I'm marking this
issue as "blocked-on-external", so that the change to the SEI can be applied
once we upgrade to WSS4J 1.6.1. One point to note though is that the principal
is not guaranteed to be a SAMLTokenPrincipal for all of the test-cases. For
some of the test-cases it corresponds to an EncryptedKey, as this is the first
principal that is created.
Colm.
> WebServiceContext.getUserPrincipal() is null for incoming SAML Token or
> transformed token
> -----------------------------------------------------------------------------------------
>
> Key: CXF-3521
> URL: https://issues.apache.org/jira/browse/CXF-3521
> Project: CXF
> Issue Type: Improvement
> Components: WS-* Components
> Affects Versions: 2.4
> Reporter: Oliver Wulff
> Assignee: Colm O hEigeartaigh
> Fix For: 2.4.1
>
> Attachments: DoubleItImpl.java
>
>
> If my service provider receives a SAML token or a BinarySecurityToken (will
> be transformed) I can't read the principal using the JAX-WS WebServiceContext.
> Example:
>     ...
>     @Resource
>     WebServiceContext wsContext;
>     public java.math.BigInteger doubleIt(java.math.BigInteger numberToDouble)
>     {
>         Principal pr = wsContext.getUserPrincipal();
>     ...
> The method getUserPrincipal() returns null.
> I see two ways to fix this.
> 1) Pass the principal to the constructor of WSSecurityEngineResult in the
> processor of WSS4J
> ex.
>     if (assertion.isSigned()) {
>         result = new WSSecurityEngineResult(WSConstants.ST_SIGNED,
>             assertion);
>     } else {
>         result = new WSSecurityEngineResult(WSConstants.ST_UNSIGNED,
>             assertion);
>     }
> Similar for BinarySecurityTokenProcessor.
> This allows the CXF WSS4JInInterceptor to read the principal like this:
>     final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
> 2) Extend the WSS4JInInterceptor to parse the SAMLToken (or the transformed
> if available), read the subject and create the CXF SecurityContext.
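Added example, not part of the original JIRA message and not CXF or WSS4J project code: a service that expects a SAML subject can fail closed when getUserPrincipal() returns null or a principal of another kind (the comment above notes it may correspond to an EncryptedKey). The class name DoubleItCallerCheck and the helper requireSamlCaller are hypothetical, and the package of SAMLTokenPrincipal is an assumption for WSS4J 1.6.x.

```java
import java.math.BigInteger;
import java.security.Principal;

import javax.annotation.Resource;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.WebServiceException;

// Assumption: package of the SAMLTokenPrincipal type named in the comment.
import org.apache.ws.security.SAMLTokenPrincipal;

// Hypothetical service class; only wsContext and doubleIt() come from the report.
public class DoubleItCallerCheck {

    @Resource
    WebServiceContext wsContext;

    public BigInteger doubleIt(BigInteger numberToDouble) {
        // Resolve the caller before doing any work; every failure path throws.
        String caller = requireSamlCaller(wsContext.getUserPrincipal());
        // An authorization decision based on 'caller' would go here.
        return numberToDouble.multiply(BigInteger.valueOf(2));
    }

    // Returns the subject name only when the principal came from a SAML token.
    static String requireSamlCaller(Principal pr) {
        if (pr == null) {
            // Behaviour described in the report: no principal was propagated.
            throw new WebServiceException("No authenticated principal on request");
        }
        if (!(pr instanceof SAMLTokenPrincipal)) {
            // For example a principal derived from an EncryptedKey: it says
            // nothing about the SAML subject, so it is not used as an identity.
            throw new WebServiceException(
                "Unexpected principal type: " + pr.getClass().getName());
        }
        String name = pr.getName();
        if (name == null || name.isEmpty()) {
            throw new WebServiceException("SAML principal carries no subject name");
        }
        return name;
    }
}
```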