[ https://issues.apache.org/jira/browse/CXF-6401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14545555#comment-14545555 ]
Stuart Charlton edited comment on CXF-6401 at 5/15/15 2:21 PM:
---------------------------------------------------------------
Hi Colm,
I'm not sure this fixed the issue. I've run this through a debugger and the
SAML Principal is indeed created, but then the loop continues to run and the
WSConstants.ST_SIGNED or WSConstants.ST_UNSIGNED principal is overridden by
WSConstants.SIGN.
Perhaps what you want is a labelled break to get out of the outer loop,
was (Author: svrc):
Hi Colm,
I'm not sure this fixed the issue. I've run this through a debugger and the
SAML Principal is indeed created, but then the loop continues to run and the
WSConstants.ST_SIGNED or WSConstants.ST_UNSIGNED principal is overridden by
WSConstants.SIGN.
Perhaps what you want is a labelled break to get out of the outer loop, i.e.
index a08251c..140d522 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -560,6 +560,7 @@ public class WSS4JInInterceptor extends
AbstractWSS4JInterceptor {
resultPriorities.add(WSConstants.SIGN);
resultPriorities.add(WSConstants.UT_NOPASSWORD);
+ outer:
for (Integer resultPriority : resultPriorities) {
if (resultPriority == WSConstants.ST_UNSIGNED &&
!allowUnsignedSamlPrincipals) {
continue;
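Review bot: the `outer:` label only helps if the SAML entries (WSConstants.ST_SIGNED / WSConstants.ST_UNSIGNED) are added to resultPriorities before WSConstants.SIGN; the visible context shows only SIGN and UT_NOPASSWORD being appended, so confirm that the SAML constants are added above this hunk, otherwise the labelled break simply returns the signature-derived context first and the priority ordering the issue asks for is not achieved.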
@@ -582,7 +583,7 @@ public class WSS4JInInterceptor extends
AbstractWSS4JInterceptor {
createSecurityContext(msg, useJAASSubject, result,
utWithCallbacks);
if (context != null) {
msg.put(SecurityContext.class, context);
- break;
+ break outer;
}
}
}
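Review bot: `break outer;` is the right fix for the overwrite described in the comment: the plain `break` only left the inner loop over results, so the outer loop went on to WSConstants.SIGN and `msg.put(SecurityContext.class, context)` replaced the SAML-derived SecurityContext with one built from the Signature, which is why the ST_SIGNED / ST_UNSIGNED principal ended up overridden. Please add a one-line comment at the break stating that it must end the whole priority search, because a plain `break` looks correct in isolation and is easy to reintroduce during a later cleanup. The `if (context != null)` guard still lets a null context from createSecurityContext fall through to the next result, and then to the next priority, which appears to be the intended behaviour.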
> Change the order that the set of security results are searched to create a
> security context
> -------------------------------------------------------------------------------------------
>
> Key: CXF-6401
> URL: https://issues.apache.org/jira/browse/CXF-6401
> Project: CXF
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 3.1.1, 3.0.6
>
>
> Right now we search the list of security results from WSS4J from the last
> result backwards, and stop when we meet a result that can be used to create a
> security context. However, we should instead create a list of desired
> tokens/actions with a priority to each one. So for example, if a (signed)
> SAML token is in the security header, this should have a higher priority than
> say a Signature, as the likely intention of the service logic is that the
> SAML Token encapsulates the user identity.
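The priority search described in the issue and the labelled-break point raised in the comment, as an added stand-alone example (not code from CXF or WSS4J): PrioritySearchDemo, the Result record and the integer action codes are constructed stand-ins for WSConstants and the WSS4J security results, and the String "context" stands in for the SecurityContext stored on the message.

```java
import java.util.List;

// Constructed stand-in for the WSS4JInInterceptor search, not CXF's own code.
public class PrioritySearchDemo {
    // Hypothetical action codes standing in for WSConstants.*
    static final int ST_SIGNED = 1, SIGN = 2, UT_NOPASSWORD = 3;

    // One WSS4J security result: the action it came from and the principal it yields.
    record Result(int action, String principal) {}

    // Walk the priority list (highest priority first) and, for each priority,
    // the results from the last one backwards, as the interceptor does.
    // "labelled" selects the patched behaviour (break outer) versus the
    // original plain break that only leaves the inner loop.
    static String findPrincipal(List<Integer> priorities, List<Result> results, boolean labelled) {
        String context = null;
        outer:
        for (Integer priority : priorities) {
            for (int i = results.size() - 1; i >= 0; i--) {
                Result r = results.get(i);
                if (r.action() != priority) {
                    continue;
                }
                // Stand-in for createSecurityContext(...) followed by
                // msg.put(SecurityContext.class, context): a later match overwrites.
                context = r.principal();
                if (labelled) {
                    break outer; // patched: the first context created ends the whole search
                }
                break;           // original: only the inner loop ends; SIGN is still visited
            }
        }
        return context;
    }

    public static void main(String[] args) {
        // SAML token first, then Signature, then UsernameToken, as the issue proposes.
        List<Integer> priorities = List.of(ST_SIGNED, SIGN, UT_NOPASSWORD);
        // Constructed results: a Signature that covered a signed SAML token.
        List<Result> results = List.of(
            new Result(SIGN, "cert-subject"),
            new Result(ST_SIGNED, "saml-subject"));
        System.out.println("plain break:    " + findPrincipal(priorities, results, false));
        System.out.println("labelled break: " + findPrincipal(priorities, results, true));
    }
}
```

With the plain break the Signature result is visited after the SAML one and the returned principal is the certificate subject; with the labelled break the search stops at the SAML subject, which is the identity the priority list was meant to select.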
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)