Hi
On Fri, Nov 5, 2010 at 2:21 PM, Jason Pell <[email protected]> wrote:
> Hi,
>
> I am struggling with configuring CXF and spring security. I am running the
> 2.3.1-SNAPSHOT which has some improvements to the WSS4JInInterceptor. So
> basically what I have is a JAX-WS service using ws-security to authenticate
> using username password token. The username is the uid= of the DN of a user
> record in LDAP.
>
> What I want is for the Principal saved into the CXF SecurityContext to have
> the Full DN of the user.
>
> So what I have setup by way of interceptors are:
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
> (ws-security.ut.no-callbacks = true)
> I have a custom class which extends
> org.apache.cxf.interceptor.security.AbstractUsernameTokenInInterceptor to
> use spring security to create the Subject. I am creating a subject with the
> full DN of the user.
>
> However the
> org.apache.cxf.interceptor.security.AbstractSecurityContextInInterceptor
> ignores this and recreates the SecurityContext with the original username
>
> SecurityContext sc = createSecurityContext(context.getUserPrincipal(),
> subject);
>
>
The assumption was that the Principal created by WSS4J initially does
represent the final/correct Principal.
So maybe the interceptor should be updated like this:

    // Subject.getPrincipals() returns a Set, so take the first entry via its iterator
    Set<Principal> principals = subject.getPrincipals();
    Principal first = principals.isEmpty() ? null : principals.iterator().next();
    // Use the Subject's first principal unless it is a Group; otherwise keep the WSS4J one
    Principal p = first != null && !(first instanceof Group)
        ? first : context.getUserPrincipal();
    SecurityContext sc = createSecurityContext(p, subject);

something like that...
What do you think?
cheers, Sergey
> So I am kind of up the creek without any kind of paddle :-)
>
> Any suggestions for how I might proceed. I guess I can always create my own
> interceptor from scratch to do this. I already did the same thing to
> populate the full DN of groups.
>
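
An added example, not code from this thread or from CXF: one way to choose the principal for the SecurityContext by type rather than by its position in the Subject, falling back to the principal taken from the UsernameToken and rejecting a Subject that carries more than one user principal. The types UserDn and GroupDn, the method effectivePrincipal and the DNs are hypothetical, constructed for illustration; records require Java 16 or later.

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

public class PrincipalSelection {
    // Hypothetical principal types standing in for whatever the
    // custom UsernameToken interceptor puts into the Subject.
    record UserDn(String name) implements Principal {
        public String getName() { return name; }
    }
    record GroupDn(String name) implements Principal {
        public String getName() { return name; }
    }

    /** Prefer the Subject's user principal; fall back to the token's principal. */
    static Principal effectivePrincipal(Subject subject, Principal fromToken) {
        if (subject != null) {
            // Select by type, so the result does not depend on the order in
            // which group and user principals were added to the Subject.
            Set<UserDn> users = subject.getPrincipals(UserDn.class);
            if (users.size() == 1) {
                return users.iterator().next();
            }
            if (users.size() > 1) {
                // Two identities in one Subject: refuse rather than guess.
                throw new SecurityException("ambiguous user principal in Subject");
            }
        }
        // No user principal in the Subject: keep the one created from the token.
        return fromToken;
    }

    public static void main(String[] args) {
        // Constructed sample data: the uid carried in the UsernameToken.
        Principal fromToken = new UserDn("alice");

        Subject s = new Subject();
        // Group added first on purpose: a "first principal" rule would need
        // the instanceof Group guard here, selection by type does not.
        s.getPrincipals().add(new GroupDn("cn=admins,ou=groups,dc=example,dc=org"));
        s.getPrincipals().add(new UserDn("uid=alice,ou=people,dc=example,dc=org"));

        System.out.println(effectivePrincipal(s, fromToken).getName());
        System.out.println(effectivePrincipal(new Subject(), fromToken).getName());
    }
}
```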