Author: sergeyb
Date: Wed Apr 21 21:33:22 2010
New Revision: 936521
URL: http://svn.apache.org/viewvc?rev=936521&view=rev
Log:
CXF-2754: addressing a case where UsernameTokenInterceptor is used in
policy-first cases
Added:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java
(with props)
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml
(with props)
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java
(with props)
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
(with props)
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml
(with props)
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/UsernameTokenInterceptorProvider.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=936521&r1=936520&r2=936521&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Wed Apr 21 21:33:22 2010
@@ -30,6 +30,8 @@ import java.util.Set;
public final class SecurityConstants {
public static final String USERNAME = "ws-security.username";
public static final String PASSWORD = "ws-security.password";
+ public static final String VALIDATE_PASSWORD =
"ws-security.validate.password";
+
public static final String CALLBACK_HANDLER =
"ws-security.callback-handler";
public static final String SIGNATURE_USERNAME =
"ws-security.signature.username";
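Review bot: `VALIDATE_PASSWORD` is declared without any Javadoc, although setting it to false switches off UsernameToken password checking in the `UsernameTokenInterceptor` changes later in this commit. I would document it at the declaration, for example `/** Set to "false" only when the password is verified elsewhere, e.g. in an overridden createSubject(); treated as "true" when absent. */`. Without that, the key reads like a harmless option next to `USERNAME` and `PASSWORD`.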
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java?rev=936521&r1=936520&r2=936521&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
Wed Apr 21 21:33:22 2010
@@ -158,7 +158,7 @@ public final class WSSecurityPolicyLoade
reg.register(new WSSecurityInterceptorProvider());
reg.register(new HttpsTokenInterceptorProvider());
reg.register(new IssuedTokenInterceptorProvider());
- reg.register(new UsernameTokenInterceptorProvider());
+ reg.register(new UsernameTokenInterceptorProvider(bus));
reg.register(new SecureConversationTokenInterceptorProvider());
}
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/UsernameTokenInterceptorProvider.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/UsernameTokenInterceptorProvider.java?rev=936521&r1=936520&r2=936521&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/UsernameTokenInterceptorProvider.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/UsernameTokenInterceptorProvider.java
Wed Apr 21 21:33:22 2010
@@ -24,6 +24,7 @@ import java.util.Collection;
import javax.xml.namespace.QName;
+import org.apache.cxf.Bus;
import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor;
@@ -40,9 +41,19 @@ public class UsernameTokenInterceptorPro
}
public UsernameTokenInterceptorProvider() {
+ this(new UsernameTokenInterceptor());
+ }
+
+ public UsernameTokenInterceptorProvider(Bus bus) {
+ this((UsernameTokenInterceptor)
+
bus.getProperty("org.apache.cxf.ws.security.usernametoken.interceptor"));
+ }
+
+ public UsernameTokenInterceptorProvider(UsernameTokenInterceptor
inInterceptor) {
super(ASSERTION_TYPES);
this.getOutInterceptors().add(new UsernameTokenInterceptor());
- this.getInInterceptors().add(new UsernameTokenInterceptor());
+ this.getInInterceptors().add(inInterceptor == null ? new
UsernameTokenInterceptor() : inInterceptor);
//not needed on fault chains
}
+
}
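Review bot: The new `UsernameTokenInterceptorProvider(Bus bus)` constructor casts whatever is stored under the bus property straight to `UsernameTokenInterceptor`, so a misconfigured value (a class-name string, another interceptor type) fails with a bare `ClassCastException` while policies are loaded, and a null `bus` fails with a `NullPointerException`. Because this property selects the component that authenticates incoming tokens, I would check the type explicitly, name the offending class in the error, and move the literal key into a constant so the Spring configuration and the code cannot drift apart. Only the inbound interceptor is replaceable; the outbound one stays `new UsernameTokenInterceptor()`, which deserves a one-line comment if that is intended.

```java
public static final String INTERCEPTOR_PROPERTY =
    "org.apache.cxf.ws.security.usernametoken.interceptor";

public UsernameTokenInterceptorProvider(Bus bus) {
    this(lookupInterceptor(bus));
}

private static UsernameTokenInterceptor lookupInterceptor(Bus bus) {
    Object configured = bus == null ? null : bus.getProperty(INTERCEPTOR_PROPERTY);
    if (configured == null) {
        // the delegating constructor falls back to the default interceptor
        return null;
    }
    if (!(configured instanceof UsernameTokenInterceptor)) {
        throw new IllegalArgumentException(INTERCEPTOR_PROPERTY
            + " must be a UsernameTokenInterceptor, got " + configured.getClass().getName());
    }
    return (UsernameTokenInterceptor) configured;
}
// … unchanged: UsernameTokenInterceptorProvider(UsernameTokenInterceptor inInterceptor) …
```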
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java?rev=936521&r1=936520&r2=936521&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
Wed Apr 21 21:33:22 2010
@@ -27,6 +27,7 @@ import java.util.Set;
import java.util.Vector;
import java.util.logging.Logger;
+import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
@@ -75,7 +76,6 @@ public class UsernameTokenInterceptor ex
HEADERS.add(new QName(WSConstants.WSSE11_NS, "Security"));
}
-
/**
* @param p
*/
@@ -124,11 +124,8 @@ public class UsernameTokenInterceptor ex
Element child = DOMUtils.getFirstElement(el);
while (child != null) {
if (SPConstants.USERNAME_TOKEN.equals(child.getLocalName())) {
- UsernameTokenProcessor p = new UsernameTokenProcessor();
-
try {
- final WSUsernameTokenPrincipal princ =
p.handleUsernameToken(child,
-
getCallback(message));
+ final WSUsernameTokenPrincipal princ = getPrincipal(child,
message);
if (princ != null) {
Vector<WSSecurityEngineResult>v = new
Vector<WSSecurityEngineResult>();
v.add(0, new WSSecurityEngineResult(WSConstants.UT,
princ, null, null, null));
@@ -145,15 +142,10 @@ public class UsernameTokenInterceptor ex
message.put(WSS4JInInterceptor.PRINCIPAL_RESULT,
princ);
SecurityContext sc =
message.get(SecurityContext.class);
if (sc == null || sc.getUserPrincipal() == null) {
- SecurityContext c = new SecurityContext() {
- public Principal getUserPrincipal() {
- return princ;
- }
- public boolean isUserInRole(String role) {
- return false;
- }
- };
- message.put(SecurityContext.class, c);
+ Subject subject = createSubject(princ.getName(),
princ.getPassword(),
+ princ.isPasswordDigest(), princ.getNonce(),
princ.getCreatedTime());
+ message.put(SecurityContext.class,
+ createSecurityContext(princ, subject));
}
}
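Review bot: The result of `createSubject(...)` is passed to `createSecurityContext` unchecked, yet the base implementation added further down in this file returns null, so by default `createSecurityContext(princ, null)` is what ends up on the message. Whether `DefaultSecurityContext` tolerates a null `Subject` is not visible here; the anonymous context it replaces always answered `isUserInRole` with false, and that behaviour should be kept explicitly. I would document the contract at the call site, for example `// createSubject may return null: no roles are known and isUserInRole must answer false`, or guard the null case before building the context. The enclosing method starts and ends outside this hunk.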
@@ -165,6 +157,56 @@ public class UsernameTokenInterceptor ex
}
}
+ protected WSUsernameTokenPrincipal getPrincipal(Element tokenElement,
SoapMessage message)
+ throws WSSecurityException {
+
+ Object validateProperty =
message.getContextualProperty(SecurityConstants.VALIDATE_PASSWORD);
+ if (validateProperty == null || MessageUtils.isTrue(validateProperty))
{
+ UsernameTokenProcessor p = new UsernameTokenProcessor();
+ return p.handleUsernameToken(tokenElement, getCallback(message));
+ } else {
+ return parseTokenAndCreatePrincipal(tokenElement);
+ }
+ }
+
+ protected WSUsernameTokenPrincipal parseTokenAndCreatePrincipal(Element
tokenElement)
+ throws WSSecurityException {
+ org.apache.ws.security.message.token.UsernameToken ut =
+ new
org.apache.ws.security.message.token.UsernameToken(tokenElement, false);
+
+ WSUsernameTokenPrincipal principal = new
WSUsernameTokenPrincipal(ut.getName(), ut.isHashed());
+ principal.setNonce(ut.getNonce());
+ principal.setPassword(ut.getPassword());
+ principal.setCreatedTime(ut.getCreated());
+ principal.setPasswordType(ut.getPasswordType());
+
+ return principal;
+ }
+
+ protected SecurityContext createSecurityContext(final Principal p, Subject
subject) {
+ return new DefaultSecurityContext(p, subject);
+ }
+
+ /**
+ * Create a Subject representing a current user and its roles.
+ * This Subject is expected to contain at least one Principal representing
a user
+ * and optionally followed by one or more principal Groups this user is a
member of.
+ * @param name username
+ * @param password password
+ * @param isDigest true if a password digest is used
+ * @param nonce optional nonce
+ * @param created optional timestamp
+ * @return subject
+ * @throws SecurityException
+ */
+ protected Subject createSubject(String name,
+ String password,
+ boolean isDigest,
+ String nonce,
+ String created) throws SecurityException {
+ return null;
+ }
+
private UsernameToken assertUsernameTokens(SoapMessage message,
WSUsernameTokenPrincipal princ) {
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
Collection<AssertionInfo> ais =
aim.getAssertionInfo(SP12Constants.USERNAME_TOKEN);
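Review bot: When `ws-security.validate.password` is false, `getPrincipal` falls through to `parseTokenAndCreatePrincipal`, which builds a principal from whatever name and password the message carries, and nothing in this class checks them afterwards because the base `createSubject` returns null. A deployment that sets the property without also overriding `createSubject` therefore treats every UsernameToken as authenticated. I would make that path fail closed, rejecting the message when validation was skipped and `createSubject` produced no `Subject`, and state in the `createSubject` Javadoc that `in this mode this method is the only place where the supplied password is verified`. The bare `@throws SecurityException` tag should also say when it is thrown. `assertUsernameTokens` at the end of the hunk continues outside it.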
@@ -338,4 +380,6 @@ public class UsernameTokenInterceptor ex
}
throw new PolicyException(reason);
}
+
+
}
Added:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java?rev=936521&view=auto
==============================================================================
---
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java
(added)
+++
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java
Wed Apr 21 21:33:22 2010
@@ -0,0 +1,110 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.wssec10;
+
+
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.ws.wssec10.server.AuthorizedServer;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import wssec.wssec10.IPingService;
+import wssec.wssec10.PingService;
+
+
+/**
+ *
+ */
+public class WSSecurity10UsernameAuthorizationTest extends
AbstractBusClientServerTestBase {
+
+ private static final String INPUT = "foo";
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(AuthorizedServer.class, true)
+ );
+ }
+
+ @Test
+ public void testClientServerAuthorized() {
+
+ IPingService port = getPort(
+ "org/apache/cxf/systest/ws/wssec10/client/client_restricted.xml");
+
+ final String output = port.echo(INPUT);
+ assertEquals(INPUT, output);
+ }
+
+ @Test
+ public void testClientServerUnauthorized() {
+
+ IPingService port = getPort(
+
"org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml");
+
+ try {
+ port.echo(INPUT);
+ fail("Frank is unauthorized");
+ } catch (Exception ex) {
+ assertEquals("Unauthorized", ex.getMessage());
+ }
+ }
+
+ private static IPingService getPort(String configName) {
+ Bus bus = new SpringBusFactory().createBus(configName);
+
+ BusFactory.setDefaultBus(bus);
+ BusFactory.setThreadDefaultBus(bus);
+ PingService svc = new PingService(getWsdlLocation());
+ final IPingService port =
+ svc.getPort(
+ new QName(
+ "http://WSSec/wssec10",
+ "UserName_IPingService"
+ ),
+ IPingService.class
+ );
+ return port;
+ }
+
+ private static URL getWsdlLocation() {
+ try {
+ return new URL("http://localhost:9003/" + "UserName" + "?wsdl");
+ } catch (MalformedURLException mue) {
+ return null;
+ }
+
+ }
+
+
+}
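Review bot: Both tests exercise only the role check; neither sends a wrong password, so nothing here would notice that the server side used by this test accepts a UsernameToken without verifying it. Since `CustomUsernameTokenInterceptor` switches `VALIDATE_PASSWORD` off, I would add a case with an authorized user and a bad password and assert that it is rejected, or say in the (currently empty) class Javadoc that authentication is deliberately out of scope. In `testClientServerUnauthorized`, `catch (Exception ex)` is broader than the failure being asserted. `getWsdlLocation` returns null on `MalformedURLException`, which would surface later as an unrelated error; `throw new IllegalStateException(mue);` would be clearer.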
Propchange:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml?rev=936521&view=auto
==============================================================================
---
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml
(added)
+++
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml
Wed Apr 21 21:33:22 2010
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:p="http://cxf.apache.org/policy"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd
+ http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://cxf.apache.org/policy
http://cxf.apache.org/schemas/policy.xsd"
+>
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+
+ <jaxws:client name="{http://WSSec/wssec10}UserName_IPingService"
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Frank"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+ </jaxws:properties>
+ </jaxws:client>
+
+</beans>
Propchange:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/client/client_restricted_unauthorized.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml
Added:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java?rev=936521&view=auto
==============================================================================
---
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java
(added)
+++
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java
Wed Apr 21 21:33:22 2010
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.ws.wssec10.server;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class AuthorizedServer extends AbstractBusTestServerBase {
+
+ private static String configFileName =
+
"org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml";
+
+ public AuthorizedServer() throws Exception {
+
+ }
+
+ protected void run() {
+ Bus busLocal = new SpringBusFactory().createBus(configFileName);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+ }
+
+ public static void main(String args[]) throws Exception {
+ new AuthorizedServer();
+ new SpringBusFactory().createBus(configFileName);
+ System.out.println("Server ready...");
+
+ Thread.sleep(60 * 60 * 1000);
+ System.out.println("Server exiting");
+ System.exit(0);
+ }
+}
+
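Review bot: `main` constructs an `AuthorizedServer` and discards it, then creates a bus directly, so the standalone path never goes through `run()` and does not call `BusFactory.setDefaultBus` the way the in-process path does. I would either reuse `run()` from `main` or drop the unused `new AuthorizedServer();` line. `configFileName` is never reassigned and reads better as `private static final String CONFIG_FILE_NAME`, and `String args[]` as `String[] args`.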
Propchange:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java?rev=936521&view=auto
==============================================================================
---
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
(added)
+++
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
Wed Apr 21 21:33:22 2010
@@ -0,0 +1,67 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.ws.wssec10.server;
+
+import javax.security.auth.Subject;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.security.SimpleGroup;
+import org.apache.cxf.common.security.SimplePrincipal;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor;
+
+public class CustomUsernameTokenInterceptor extends UsernameTokenInterceptor {
+
+ protected Subject createSubject(String name,
+ String password,
+ boolean isDigest,
+ String nonce,
+ String created) throws SecurityException {
+ Subject subject = new Subject();
+
+ // delegate to the external security system if possible
+
+ // authenticate the user somehow
+ subject.getPrincipals().add(new SimplePrincipal(name));
+
+ // add roles this user is in
+ String roleName = "Alice".equals(name) ? "developers" : "pms";
+
+ subject.getPrincipals().add(new SimpleGroup(roleName, name));
+ subject.setReadOnly();
+ return subject;
+ }
+
+ public void handleMessage(SoapMessage message) throws Fault {
+ message.put(SecurityConstants.VALIDATE_PASSWORD, Boolean.FALSE);
+ super.handleMessage(message);
+ }
+
+ // or, if needed
+
+ // protected WSUsernameTokenPrincipal getPrincipal(Element tokenElement,
SoapMessage message)
+ // throws WSSecurityException {
+ // return super.parseTokenAndCreatePrincipal(tokenElement);
+ //}
+
+
+}
+
+
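Review bot: `createSubject` never looks at `password`, `isDigest`, `nonce` or `created`, and `handleMessage` forces `VALIDATE_PASSWORD` to `Boolean.FALSE`, so this interceptor treats every sender as authenticated and derives the role from the user name alone (any name other than "Alice" is placed in `pms`). That is acceptable for an authorization test, but `// authenticate the user somehow` reads like a template; I would replace it with `// TEST ONLY: no credential check is performed here; a real implementation must verify the password (or digest, nonce and created) before returning a Subject`. Both overriding methods should carry `@Override`, and the commented-out `getPrincipal` alternative at the bottom is better described in Javadoc or removed.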
Propchange:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml?rev=936521&view=auto
==============================================================================
---
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml
(added)
+++
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml
Wed Apr 21 21:33:22 2010
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:security="http://schemas.iona.com/soa/security-config"
+ xmlns:interop="http://WSSec/wssec10"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:p="http://cxf.apache.org/policy"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+ http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration
http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
+ http://schemas.iona.com/soa/security-config
http://schemas.iona.com/soa/security-config.xsd
+ ">
+
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+
+ <cxf:properties>
+ <entry key="org.apache.cxf.ws.security.usernametoken.interceptor"
+ value-ref="customUTInterceptor"/>
+ </cxf:properties>
+ </cxf:bus>
+
+ <bean id="customUTInterceptor"
class="org.apache.cxf.systest.ws.wssec10.server.CustomUsernameTokenInterceptor"/>
+
+ <!-- -->
+ <!-- Any services listening on port 9001 must use the following -->
+ <!-- Transport Layer Security (TLS) settings -->
+ <!-- -->
+ <httpj:engine-factory id="tls-settings">
+ <httpj:engine port="9001">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="jks" password="password"
resource="org/apache/cxf/systest/ws/wssec10/certs/restricted/bob.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="password"
resource="org/apache/cxf/systest/ws/wssec10/certs/restricted/alice.jks"/>
+ </sec:trustManagers>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="authorizationInterceptor"
class="org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor">
+ <property name="methodRolesMap">
+ <map>
+ <entry key="echo" value="developers"/>
+ </map>
+ </property>
+ </bean>
+
+ <jaxws:endpoint
+ id="UserName"
+ address="http://localhost:9003/UserName"
+ serviceName="interop:PingService"
+ endpointName="interop:UserName_IPingService"
+
implementor="org.apache.cxf.systest.ws.wssec10.server.UserNameOverTransportRestricted"
+ depends-on="tls-settings">
+
+ <jaxws:inInterceptors>
+ <ref bean="authorizationInterceptor"/>
+ </jaxws:inInterceptors>
+
+ </jaxws:endpoint>
+
+</beans>
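Review bot: The `UserName` endpoint is published at `http://localhost:9003/UserName`, while the TLS engine it `depends-on` is bound to port 9001, so as far as this file shows the UsernameToken and its password travel over plain HTTP and the `tls-settings` block is not used by this endpoint. If that is intended for the test, the comment about services listening on port 9001 should say that no endpoint in this file does, or the engine-factory and the `depends-on` attribute can be removed. The keystore passwords are the literal `password`, which is fine for fixtures under `systests` but worth a `<!-- test fixture only -->` comment so the file is not copied as a deployment template. The `security` and `http` namespace declarations appear unused and could be dropped.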
Propchange:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange:
cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml