git commit: [CXF-5864] Optional support for anonymous users
Repository: cxf Updated Branches: refs/heads/2.6.x-fixes 05239840b -> 915cabf8b [CXF-5864] Optional support for anonymous users Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/915cabf8 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/915cabf8 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/915cabf8 Branch: refs/heads/2.6.x-fixes Commit: 915cabf8b784cd7a363d765c7a3f70cdef85d449 Parents: 0523984 Author: Sergey Beryozkin Authored: Wed Jul 9 14:24:18 2014 +0100 Committer: Sergey Beryozkin Committed: Wed Jul 9 14:37:16 2014 +0100 -- .../AbstractAuthorizingInInterceptor.java | 18 ++-- .../OperationInfoAuthorizingInterceptor.java| 15 ++--- .../SimpleAuthorizingInterceptorTest.java | 22 ++-- 3 files changed, 48 insertions(+), 7 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/915cabf8/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java --
diff --git a/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java b/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java
index 11f6b31..d4f22f1 100644
--- a/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java
+++ b/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java
@@ -38,21 +38,24 @@ public abstract class AbstractAuthorizingInInterceptor extends AbstractPhaseInte
 private static final Logger LOG = LogUtils.getL7dLogger(AbstractAuthorizingInInterceptor.class);
 private static final String ALL_ROLES = "*";
-
+private boolean allowAnonymousUsers = true;
 public AbstractAuthorizingInInterceptor() {
 super(Phase.PRE_INVOKE);
 }
 public void handleMessage(Message message) throws Fault {
+Method method = getTargetMethod(message);
 SecurityContext sc = message.get(SecurityContext.class);
 if (sc != null && sc.getUserPrincipal() != null) {
-Method method = getTargetMethod(message);
 if (authorize(sc, method)) {
 return;
 }
+} else if (!isMethodProtected(method) && isAllowAnonymousUsers()) {
+return;
 }
+
 throw new AccessDeniedException("Unauthorized");
 }
@@ -87,6 +90,9 @@ public abstract class AbstractAuthorizingInInterceptor extends AbstractPhaseInte
 }
 return false;
 }
+protected boolean isMethodProtected(Method method) {
+return !getExpectedRoles(method).isEmpty() || !getDenyRoles(method).isEmpty();
+}
 protected boolean isUserInRole(SecurityContext sc, List roles, boolean deny) {
@@ -118,5 +124,13 @@ public abstract class AbstractAuthorizingInInterceptor extends AbstractPhaseInte
 protected List getDenyRoles(Method method) {
 return Collections.emptyList();
 }
+
+public boolean isAllowAnonymousUsers() {
+return allowAnonymousUsers;
+}
+
+public void setAllowAnonymousUsers(boolean allowAnonymousUsers) {
+this.allowAnonymousUsers = allowAnonymousUsers;
+}
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/915cabf8/rt/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java --
diff --git a/rt/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java b/rt/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java
index b7e496c..f0dbaa0 100755
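Review bot: The new field in the first hunk is initialised as `allowAnonymousUsers = true`, which turns the interceptor from deny-by-default into allow-by-default for callers without a principal; before this change handleMessage() returned only inside the `sc.getUserPrincipal() != null` branch and threw AccessDeniedException otherwise. The identical change appears in the 2.7.x-fixes and master copies of this commit further down the page, so deployments on the fix branches that relied on the interceptor to reject unauthenticated requests would start admitting them to every method without role entries after an upgrade. I would make the option opt-in with `private boolean allowAnonymousUsers;`, or at minimum put a comment on the field stating the new default and its effect. OperationInfoAuthorizingInterceptor calls isAllowAnonymousUsers() as well, so it inherits whichever default is chosen here.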
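Review bot: isMethodProtected() in the second hunk reports a method as unprotected whenever both role lists are empty, and the base getDenyRoles() visible in the third hunk returns an empty list, so a method that was simply left out of the role configuration cannot be told apart from one that is meant to be public. Together with the anonymous branch added to handleMessage(), a missing or misspelled role mapping now fails open for anonymous callers rather than failing closed. The method needs a Javadoc that says so, for example `/** Returns true if any expected or deny roles are configured for the method; a method with none is open to anonymous callers when allowAnonymousUsers is set. */`, and a `LOG.fine(...)` call on the anonymous return path would make such grants visible in the logs. The enclosing class starts and ends outside these hunks.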
--- a/rt/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java
+++ b/rt/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java
@@ -39,13 +39,15 @@ public class OperationInfoAuthorizingInterceptor extends SimpleAuthorizingInterc
 @Override
 public void handleMessage(Message message) throws Fault {
+OperationInfo opinfo = getTargetOperationInfo(message);
 SecurityContext sc = message.get(SecurityContext.class);
 if (sc != null && sc.getUserPrincipal() != null) {
-OperationInfo opinfo = getTargetOperationInfo(message);
-if (opinfo != null && opinfo.getName() != null
+if (opinfo.getName() != null
 && authorize(sc, opinfo.getName().getLocalPart())) {
 return;
 }
+} else if (!isMethodProtected(opinfo.getName().getLocalPart()) && isAllowAnonymousUsers()) {
+return;
 }
git commit: [CXF-5864] Optional support for anonymous users
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes 18f7085cb -> beb6b97ae [CXF-5864] Optional support for anonymous users Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/beb6b97a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/beb6b97a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/beb6b97a Branch: refs/heads/2.7.x-fixes Commit: beb6b97aecc306b60225256f6c053fa2c5181c3d Parents: 18f7085 Author: Sergey Beryozkin Authored: Wed Jul 9 14:24:18 2014 +0100 Committer: Sergey Beryozkin Committed: Wed Jul 9 14:34:17 2014 +0100 -- .../AbstractAuthorizingInInterceptor.java | 18 ++-- .../OperationInfoAuthorizingInterceptor.java| 15 ++--- .../SimpleAuthorizingInterceptorTest.java | 22 ++-- 3 files changed, 48 insertions(+), 7 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/beb6b97a/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java --
diff --git a/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java b/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java
index 11f6b31..d4f22f1 100644
--- a/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java
+++ b/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java
@@ -38,21 +38,24 @@ public abstract class AbstractAuthorizingInInterceptor extends AbstractPhaseInte
 private static final Logger LOG = LogUtils.getL7dLogger(AbstractAuthorizingInInterceptor.class);
 private static final String ALL_ROLES = "*";
-
+private boolean allowAnonymousUsers = true;
 public AbstractAuthorizingInInterceptor() {
 super(Phase.PRE_INVOKE);
 }
 public void handleMessage(Message message) throws Fault {
+Method method = getTargetMethod(message);
 SecurityContext sc = message.get(SecurityContext.class);
 if (sc != null && sc.getUserPrincipal() != null) {
-Method method = getTargetMethod(message);
 if (authorize(sc, method)) {
 return;
 }
+} else if (!isMethodProtected(method) && isAllowAnonymousUsers()) {
+return;
 }
+
 throw new AccessDeniedException("Unauthorized");
 }
@@ -87,6 +90,9 @@ public abstract class AbstractAuthorizingInInterceptor extends AbstractPhaseInte
 }
 return false;
 }
+protected boolean isMethodProtected(Method method) {
+return !getExpectedRoles(method).isEmpty() || !getDenyRoles(method).isEmpty();
+}
 protected boolean isUserInRole(SecurityContext sc, List roles, boolean deny) {
@@ -118,5 +124,13 @@ public abstract class AbstractAuthorizingInInterceptor extends AbstractPhaseInte
 protected List getDenyRoles(Method method) {
 return Collections.emptyList();
 }
+
+public boolean isAllowAnonymousUsers() {
+return allowAnonymousUsers;
+}
+
+public void setAllowAnonymousUsers(boolean allowAnonymousUsers) {
+this.allowAnonymousUsers = allowAnonymousUsers;
+}
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/beb6b97a/rt/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java --
diff --git a/rt/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java b/rt/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java
index b7e496c..f0dbaa0 100755
--- a/rt/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java
+++ b/rt/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java
@@ -39,13 +39,15 @@ public class OperationInfoAuthorizingInterceptor extends SimpleAuthorizingInterc
 @Override
 public void handleMessage(Message message) throws Fault {
+OperationInfo opinfo = getTargetOperationInfo(message);
 SecurityContext sc = message.get(SecurityContext.class);
 if (sc != null && sc.getUserPrincipal() != null) {
-OperationInfo opinfo = getTargetOperationInfo(message);
-if (opinfo != null && opinfo.getName() != null
+if (opinfo.getName() != null
 && authorize(sc, opinfo.getName().getLocalPart())) {
 return;
 }
+} else if (!isMethodProtected(opinfo.getName().getLocalPart()) && isAllowAnonymousUsers()) {
+return;
 }
git commit: [CXF-5864] Optional support for anonymous users
Repository: cxf Updated Branches: refs/heads/master badfac577 -> 38a9b6614 [CXF-5864] Optional support for anonymous users Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/38a9b661 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/38a9b661 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/38a9b661 Branch: refs/heads/master Commit: 38a9b6614c4c28014710eb47c40d77c8adf54071 Parents: badfac5 Author: Sergey Beryozkin Authored: Wed Jul 9 14:24:18 2014 +0100 Committer: Sergey Beryozkin Committed: Wed Jul 9 14:24:18 2014 +0100 -- .../AbstractAuthorizingInInterceptor.java | 18 ++-- .../OperationInfoAuthorizingInterceptor.java| 15 ++--- .../SimpleAuthorizingInterceptorTest.java | 22 ++-- 3 files changed, 48 insertions(+), 7 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/38a9b661/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java --
diff --git a/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java b/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java
index 11f6b31..d4f22f1 100644
--- a/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java
+++ b/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java
@@ -38,21 +38,24 @@ public abstract class AbstractAuthorizingInInterceptor extends AbstractPhaseInte
 private static final Logger LOG = LogUtils.getL7dLogger(AbstractAuthorizingInInterceptor.class);
 private static final String ALL_ROLES = "*";
-
+private boolean allowAnonymousUsers = true;
 public AbstractAuthorizingInInterceptor() {
 super(Phase.PRE_INVOKE);
 }
 public void handleMessage(Message message) throws Fault {
+Method method = getTargetMethod(message);
 SecurityContext sc = message.get(SecurityContext.class);
 if (sc != null && sc.getUserPrincipal() != null) {
-Method method = getTargetMethod(message);
 if (authorize(sc, method)) {
 return;
 }
+} else if (!isMethodProtected(method) && isAllowAnonymousUsers()) {
+return;
 }
+
 throw new AccessDeniedException("Unauthorized");
 }
@@ -87,6 +90,9 @@ public abstract class AbstractAuthorizingInInterceptor extends AbstractPhaseInte
 }
 return false;
 }
+protected boolean isMethodProtected(Method method) {
+return !getExpectedRoles(method).isEmpty() || !getDenyRoles(method).isEmpty();
+}
 protected boolean isUserInRole(SecurityContext sc, List roles, boolean deny) {
@@ -118,5 +124,13 @@ public abstract class AbstractAuthorizingInInterceptor extends AbstractPhaseInte
 protected List getDenyRoles(Method method) {
 return Collections.emptyList();
 }
+
+public boolean isAllowAnonymousUsers() {
+return allowAnonymousUsers;
+}
+
+public void setAllowAnonymousUsers(boolean allowAnonymousUsers) {
+this.allowAnonymousUsers = allowAnonymousUsers;
+}
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/38a9b661/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java --
diff --git a/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java b/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java
index b7e496c..f0dbaa0 100755
--- a/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java
+++ b/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java
@@ -39,13 +39,15 @@ public class OperationInfoAuthorizingInterceptor extends SimpleAuthorizingInterc
 @Override
 public void handleMessage(Message message) throws Fault {
+OperationInfo opinfo = getTargetOperationInfo(message);
 SecurityContext sc = message.get(SecurityContext.class);
 if (sc != null && sc.getUserPrincipal() != null) {
-OperationInfo opinfo = getTargetOperationInfo(message);
-if (opinfo != null && opinfo.getName() != null
+if (opinfo.getName() != null
 && authorize(sc, opinfo.getName().getLocalPart())) {
 return;
 }
+} else if (!isMethodProtected(opinfo.getName().getLocalPart()) && isAllowAnonymousUsers()) {
+return;
 }
 throw new AccessDenie