Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 61f520d3a -> 9edc70a5d
Adding a new JAX-RS property to control Kerberos request delegation Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9edc70a5 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9edc70a5 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9edc70a5 Branch: refs/heads/3.0.x-fixes Commit: 9edc70a5de9724e4e8d273a591b05ec64015a1d9 Parents: 61f520d Author: Colm O hEigeartaigh <[email protected]> Authored: Wed Oct 15 14:24:27 2014 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Wed Oct 15 14:30:02 2014 +0100 ---------------------------------------------------------------------- .../org/apache/cxf/ws/security/SecurityConstants.java | 11 ++++++++++- .../apache/cxf/ws/security/kerberos/KerberosUtils.java | 6 ++++++ 2 files changed, 16 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/9edc70a5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java index bc286b6..96165bd 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java 
@@ -558,6 +558,14 @@ public final class SecurityConstants { // /** + * Whether to request credential delegation or not in the KerberosClient. If this is set to "true", + * then it tries to get a kerberos service ticket that can be used for delegation. The default + * is "false". + */ + public static final String KERBEROS_REQUEST_CREDENTIAL_DELEGATION = + "ws-security.kerberos.request.credential.delegation"; + + /** * Whether to use credential delegation or not in the KerberosClient. If this is set to "true", * then it tries to get a GSSCredential Object from the Message Context using the * DELEGATED_CREDENTIAL configuration tag below, and then use this to obtain a service ticket. @@ -618,7 +626,8 @@ public final class SecurityConstants { SAML_ONE_TIME_USE_CACHE_INSTANCE, ENABLE_STREAMING_SECURITY, RETURN_SECURITY_ERROR, CACHE_IDENTIFIER, CACHE_ISSUED_TOKEN_IN_ENDPOINT, PREFER_WSMEX_OVER_STS_CLIENT_CONFIG, DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION, - KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, STS_TOKEN_IMMINENT_EXPIRY_VALUE + KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, STS_TOKEN_IMMINENT_EXPIRY_VALUE, + KERBEROS_REQUEST_CREDENTIAL_DELEGATION })); ALL_PROPERTIES = Collections.unmodifiableSet(s); } http://git-wip-us.apache.org/repos/asf/cxf/blob/9edc70a5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java index b739edb..73118cb 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java 
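Review bot: The Javadoc added for `KERBEROS_REQUEST_CREDENTIAL_DELEGATION` in SecurityConstants.java does not say what enabling the option hands to the service. If the client implements it through the GSS-API credential-delegation request (the implementation is not part of this diff), a service that accepts the ticket also receives delegated client credentials and can act as the caller towards other services. I would add a sentence such as `Enable this only for services that are trusted to act on the caller's behalf, because the service receives delegated credentials.` A second line should distinguish it from `KERBEROS_USE_CREDENTIAL_DELEGATION`, which consumes an already delegated GSSCredential from the message context rather than requesting delegation.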
@@ -59,11 +59,17 @@ public final class KerberosUtils { SecurityConstants.KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, false); + boolean requestCredentialDelegation = + MessageUtils.getContextualBoolean(message, + SecurityConstants.KERBEROS_REQUEST_CREDENTIAL_DELEGATION, + false); + client.setContextName(jaasContext); client.setServiceName(kerberosSpn); client.setCallbackHandler(callbackHandler); client.setUseDelegatedCredential(useCredentialDelegation); client.setUsernameServiceNameForm(isInServiceNameForm); + client.setRequestCredentialDelegation(requestCredentialDelegation); } return client; }
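Review bot: `client.setRequestCredentialDelegation(requestCredentialDelegation)` sits with the other setters inside a block that closes just before `return client;`, so the new property appears to be honoured only on the path where KerberosUtils configures the client itself. The condition of that block and the start of the method are outside the hunk, so this is inferred from the closing brace. If a client can reach `return client;` without entering the block, setting the property on the message has no effect on it, which is easy to miss for a security-relevant switch. I would state that where the property is read, e.g. `// Only applied when the KerberosClient is configured here from contextual properties`, and repeat it in the constant's Javadoc.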
