Did you try with CXF 3.0.2 ? The older versions of CXF did not set the AccessControlContext.

Btw. if you use Blueprint you can also try the jaas authorization blueprint extension. See https://github.com/apache/aries/blob/trunk/blueprint/blueprint-itests/src/test/java/org/apache/aries/blueprint/itests/authz/AuthorizationTest.java

Christian

Am 18.01.2015 um 13:29 schrieb Niels Bertram:

I am trying to get the contexts Principal from the AccessControlContext as documented on stackexchange <http://stackoverflow.com/questions/20970380/get-current-user-in-an-osgi-context-fuse-karaf>.

Unfortunately whenever I retrieve the subject using the current AccessControlContext, the subject is null.

I basically create a very simple jaxrs server and register the CXF JAASAuthenticationFilter with the server:

<bean  id="authenticationFilter"  
class="org.apache.cxf.jaxrs.security.JAASAuthenticationFilter">
     <property  name="contextName"  value="karaf"  />
</bean>

<jaxrs:server  id="echoResource"  address="/rest/echo">
     <jaxrs:serviceBeans>
         <bean  class="org.apache.karaf.jaas.modules.mongo.test.EchoServiceImpl"  
/>
     </jaxrs:serviceBeans>
     <jaxrs:providers>
         <ref  component-id="authenticationFilter"  />
     </jaxrs:providers>
</jaxrs:server>

When I execute the REST service, I try to get the Subject in the code as below but it is always null:

AccessControlContext  acc=  AccessController.getContext();
if  (acc==  null) {
   throw  new  RuntimeException("access control context is null");
}

Subject  subject=  Subject.getSubject(acc);
if  (subject==  null) {
   throw  new  RuntimeException("subject is null");
}

Interestingly if I inject the javax.ws.rs.core.SecurityContext into the CXF REST service, I do get a security principal.

public  Response  echo(@Context  SecurityContext  context) {
    Principal  user=  context.getUserPrincipal();
}

Is there another configuration required in Karaf or is this a bug in either Karaf or CXF? Would love to hear if anyone else came across this.

Cheers, Niels

BTW: I tried the same in karaf 2.3.9, 2.4.1 and 3.0.2 with exact same result.



--
Christian Schneider
http://www.liquid-reality.de

Open Source Architect
Talend Application Integration Division http://www.talend.com

Reply via email to