created as https://issues.apache.org/activemq/browse/SM-895 with attached
diff file
I changed the proposed lines to:
if (request.getUserPrincipal() != null) {
if (request.getUserPrincipal() instanceof JaasJettyPrincipal) {
Subject subject = ((JaasJettyPrincipal)
request.getUserPrincipal()).getSubject();
exchange.getMessage
("in").setSecuritySubject(subject);
}
}
So that it could actually compile :P
On 3/23/07, Guillaume Nodet <[EMAIL PROTECTED]> wrote:
Could you please raise a JIRA and attahc your patch
as a diff file if possible ? Thanks !
On 3/23/07, Eduardo Burgos <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
>
> This is regarding HttpConsumerEndpoint class, which is
> HttpSoapConsumerEndpoint's superclass. I tried to dynamically deploy a
> HttpSoapConsumerEndpoint into a servicemix-http, it worked very well,
but
> I
> noticed some different behavior compared to the old HttpEndpoint. If I
> used
> HttpEndpoint, every time I log in using http, the underlying
> NormalizedMessage carries in the securitySubject a Principal that
> identifies
> the user, this is not the case with
> HttpSoapConsumerEndpoint/HttpConsumerEndpoint. Since those new
> HttpEndpointTypes now use a marshaler (which is by default the
> DefaultHttpConsumerMarshaler) then Im not sure if this is actually
> intended.
> Is it intended that the HttpConsumerEndpoint is left without this
security
> feature so that I have to actually implement it in a new Marshaler?
>
> I found 2 solutions:
> 1) I can build a new HttpConsumerMarshaler and handle the createExchange
> method so that it uses the request and inserts a SecuritySubject in the
> MessageExchange that its just about to create. That would work, however,
I
> still think that security should be a little more servicemix native.
>
> 2) I would modify HttpConsumerEndpoint.java in
> org.apache.servicemix.http.endpoints.HttpConsumerEndpoint and insert the
> following lines between lines 217 and 218 which are respectively:
> 217- exchange = createExchange(request);
> 218- locks.put(exchage.getExchangeId(), cont);
>
>
> proposed lines:
>
> 217- exchange = createExchange(request);
> 218- if (request.getUserPrincipal() != null) {
> 219- if (request.getUserPrincipal() instanceof
> JaasJettyPrincipal)
> {
> 220- Subject subject = ((JaasJettyPrincipal)
> request.getUserPrincipal()).getSubject();
> 221- context.getInMessage
().setSubject(subject);
> 222- } else {
> 223- context.getInMessage().addPrincipal(
> request.getUserPrincipal());
> 224- }
> 225- }
> 226- locks.put(exchage.getExchangeId(), cont);
>
>
> I chose option 2 by modifying HttpConsumerEndpoint's code until there is
a
> final solution.
>
> Any comments? Guillaume?
>
>
> Regards,
>
> Eduardo Burgos
>
--
Cheers,
Guillaume Nodet
------------------------
Architect, LogicBlaze (http://www.logicblaze.com/)
Blog: http://gnodet.blogspot.com/
