Author: coheigea
Date: Wed Feb 22 12:51:44 2012
New Revision: 1292264
URL: http://svn.apache.org/viewvc?rev=1292264&view=rev
Log:
[CXF-3635] - WS-Trust SPNego (WCF message level spnego)
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1292264&r1=1292263&r2=1292264&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Wed Feb 22 12:51:44 2012
@@ -125,6 +125,12 @@ public final class SecurityConstants {
public static final String KERBEROS_SPN = "ws-security.kerberos.spn";
/**
+ * The SpnegoClientAction implementation to use for SPNEGO. This allows
the user to plug in
+ * a different implementation to obtain a service ticket.
+ */
+ public static final String SPNEGO_CLIENT_ACTION =
"ws-security.spnego.client.action";
+
+ /**
* Set this to "false" to not cache a SecurityToken per proxy object in
the
* IssuedTokenInterceptorProvider. This should be done if a token is being
retrieved
* from an STS in an intermediary. The default value is "true".
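Review bot: The Javadoc added for `SPNEGO_CLIENT_ACTION` does not say what kind of value the property takes. The interceptor change in this same commit only honours the value when it is an `instanceof SpnegoClientAction`, so a class name supplied as a String would be dropped without notice. I would add a sentence such as `The value must be a SpnegoClientAction instance; any other type is ignored.` to the comment. Because the plugged-in action is the code that obtains the Kerberos service ticket, the comment could also say that the property should only be set from trusted configuration.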
@@ -146,7 +152,7 @@ public final class SecurityConstants {
SIGNATURE_TOKEN_VALIDATOR, IS_BSP_COMPLIANT, TIMESTAMP_FUTURE_TTL,
BST_TOKEN_VALIDATOR, SAML_CALLBACK_HANDLER, STS_TOKEN_ON_BEHALF_OF,
KERBEROS_CLIENT, SCT_TOKEN_VALIDATOR,
CACHE_ISSUED_TOKEN_IN_ENDPOINT,
- KERBEROS_JAAS_CONTEXT_NAME, KERBEROS_SPN
+ KERBEROS_JAAS_CONTEXT_NAME, KERBEROS_SPN, SPNEGO_CLIENT_ACTION
}));
ALL_PROPERTIES = Collections.unmodifiableSet(s);
}
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java?rev=1292264&r1=1292263&r2=1292264&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
Wed Feb 22 12:51:44 2012
@@ -39,6 +39,7 @@ import org.apache.cxf.ws.security.tokens
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.spnego.SpnegoClientAction;
import org.apache.ws.security.spnego.SpnegoTokenContext;
import org.apache.ws.security.util.Base64;
@@ -97,6 +98,12 @@ class SpnegoContextTokenOutInterceptor e
);
SpnegoTokenContext spnegoToken = new SpnegoTokenContext();
+ Object spnegoClientAction =
+
message.getContextualProperty(SecurityConstants.SPNEGO_CLIENT_ACTION);
+ if (spnegoClientAction instanceof SpnegoClientAction) {
+
spnegoToken.setSpnegoClientAction((SpnegoClientAction)spnegoClientAction);
+ }
+
try {
spnegoToken.retrieveServiceTicket(jaasContext, callbackHandler,
kerberosSpn);
} catch (WSSecurityException e) {
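Review bot: A non-null value of the wrong type for `SecurityConstants.SPNEGO_CLIENT_ACTION` is silently discarded by the added `instanceof` check, and `retrieveServiceTicket` then runs with whatever action `SpnegoTokenContext` uses by default. A deployer who configured a custom action incorrectly (for example as a class-name string) gets no indication that a different ticket-retrieval path is in effect. I would add an `else if (spnegoClientAction != null)` branch that logs a warning, or fails the request, naming the property and the offending type. The enclosing method starts and ends outside this hunk, so which logger or fault type is available there is not visible from here.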
Modified:
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml?rev=1292264&r1=1292263&r2=1292264&view=diff
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml
(original)
+++
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml
Wed Feb 22 12:51:44 2012
@@ -44,9 +44,6 @@
<jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItSpnegoSymmetricPort"
createdFromAPI="true">
<jaxws:properties>
- <entry key="ws-security.encryption.properties"
-
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
- <entry key="ws-security.encryption.username" value="bob"/>
<entry key="ws-security.kerberos.jaas.context" value="alice" />
<entry key="ws-security.kerberos.spn"
value="[email protected]" />
</jaxws:properties>
@@ -55,9 +52,6 @@
<jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItSpnegoSymmetricDerivedPort"
createdFromAPI="true">
<jaxws:properties>
- <entry key="ws-security.encryption.properties"
-
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
- <entry key="ws-security.encryption.username" value="bob"/>
<entry key="ws-security.kerberos.jaas.context" value="alice" />
<entry key="ws-security.kerberos.spn"
value="[email protected]" />
</jaxws:properties>