cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes f269b76c5 -> bfc82958d Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/bfc82958 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/bfc82958 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/bfc82958 Branch: refs/heads/3.0.x-fixes Commit: bfc82958d2cf329bd622eb80184a0eb88894eb3d Parents: f269b76 Author: Colm O hEigeartaighAuthored: Fri Sep 8 15:45:31 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Sep 8 15:45:31 2017 +0100 -- .gitmergeinfo | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/bfc82958/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index bb4bf49..7ea563d 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -1003,6 +1003,7 @@ B 817727ddca9aad39a66f7001bf5f1c959dc7f581 B 81a7a670b8abe2145f51dcee0b8a49c6587603d6 B 81bc682a409806567fc3485157e184e72feaf086 B 81ed24d9802d8d82775e27c3326a58098ee883e8 +B 82581d6d720c0c1db73df0c128b3371ad9d734f8 B 826c9625710b4aac2a3d5bacd3858b57de5e0955 B 82ac9402b836ff58a131ed1c86226072ea267b42 B 82c4bff5276cc32490507fba4cb9d18539d41907 @@ -1410,6 +1411,7 @@ B b5fc90f09c6b039a54564e0825a264310453c550 B b6018a47e19bf98ad405baf51e363eae9972f4dd B b60702df6f4f8a651395999ee7cc583bb89589e3 B b63c63ffeb1f8d4e747ba2e9233be6aa635c00db +B b64da86f676f3ce69100b729a2fc128c72665512 B b6547f75a198e8b345c120b0b4f71f198b044660 B b6577a8fa68235fb8bb0103681906289bcf5e069 B b67537dbace0896073b55b375b8ccdc4cce83365
[1/2] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes fe33fcedc -> b64da86f6 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b64da86f Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b64da86f Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b64da86f Branch: refs/heads/3.1.x-fixes Commit: b64da86f676f3ce69100b729a2fc128c72665512 Parents: 82581d6 Author: Colm O hEigeartaighAuthored: Fri Sep 8 15:45:15 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Sep 8 15:45:15 2017 +0100 -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/b64da86f/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index ad72e81..049d4e5 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -887,6 +887,7 @@ M e92e57c1f14de911cd2315a907443c79e91a94de M ea97f3dd62a3a271faf7f363aca618d921c14abb M eb14ce9206bc43371f149f9d0b1c6e8e2682e5c0 M eb31ffe4f95c4dc6ac9a2ac56e15ae89b578359e +M ec7a52968e8e4d9e7727a7798b293389c1a3dd29 M ed9298066428c0dfc4590a556876d696a4ba13c0 M edae59057fd9061ee332667e4f2e066d5cad1f31 M ee248ce7a4a1b04bcbddbdcef82d695ccc140160
[2/2] cxf git commit: Add some hooks to either set or get some information relating to the kerberos authentication process
Add some hooks to either set or get some information relating to the kerberos authentication process # Conflicts: # rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java # rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/82581d6d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/82581d6d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/82581d6d Branch: refs/heads/3.1.x-fixes Commit: 82581d6d720c0c1db73df0c128b3371ad9d734f8 Parents: fe33fce Author: Colm O hEigeartaighAuthored: Fri Sep 8 15:42:03 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Sep 8 15:45:15 2017 +0100 -- .../jaxrs/security/KerberosAuthenticationFilter.java | 14 -- .../http/auth/AbstractSpnegoAuthSupplier.java | 11 +-- .../cxf/ws/security/kerberos/KerberosClient.java | 6 +- 3 files changed, 22 insertions(+), 9 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/82581d6d/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java -- diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java index 3390104..e3cd617 100644 --- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java +++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java 
@@ -105,16 +105,13 @@ public class KerberosAuthenticationFilter implements ContainerRequestFilter { if (index > 0) { simpleUserName = simpleUserName.substring(0, index); } +Message m = JAXRSUtils.getCurrentMessage(); +m.put(SecurityContext.class, createSecurityContext(simpleUserName, complexUserName, gssContext)); + if (!gssContext.getCredDelegState()) { gssContext.dispose(); gssContext = null; } -Message m = JAXRSUtils.getCurrentMessage(); -m.put(SecurityContext.class, -new KerberosSecurityContext(new KerberosPrincipal(simpleUserName, - complexUserName), -gssContext)); - } catch (LoginException e) { LOG.fine("Unsuccessful JAAS login for the service principal: " + e.getMessage()); throw ExceptionUtils.toNotAuthorizedException(e, getFaultResponse()); @@ -127,6 +124,11 @@ public class KerberosAuthenticationFilter implements ContainerRequestFilter { } } +protected SecurityContext createSecurityContext(String simpleUserName, String complexUserName, +GSSContext gssContext) { +return new KerberosSecurityContext(new KerberosPrincipal(simpleUserName, complexUserName), gssContext); +} + protected GSSContext createGSSContext() throws GSSException { boolean useKerberosOid = MessageUtils.isTrue( messageContext.getContextualProperty(PROPERTY_USE_KERBEROS_OID)); http://git-wip-us.apache.org/repos/asf/cxf/blob/82581d6d/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java -- diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java index 172d110..f62947e 100644 --- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java +++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java 
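Review bot: Moving `m.put(SecurityContext.class, createSecurityContext(...))` above the `getCredDelegState()` check means the default security context is now built with the live `gssContext`, which is disposed two statements later when credential delegation is off; before this change that case stored `null`. Code that tests the stored context for non-null to decide whether delegation is available would now receive a disposed `GSSContext` (inferred, as `KerberosSecurityContext` is outside the hunk). If the early call exists only so overrides can read attributes of the context, the default in the second hunk can keep the old behaviour by passing `gssContext.getCredDelegState() ? gssContext : null`, and the hook should get Javadoc saying the context must not be retained unless delegation is enabled. The same ordering is in the master commit ec7a5296 at `@@ -105,15 +105,13 @@`; the enclosing method starts and ends outside the hunk.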
@@ -138,7 +138,9 @@ public abstract class AbstractSpnegoAuthSupplier { if (delegatedCred != null) { return context.initSecContext(token, 0, token.length); } - + +decorateSubject(subject); + try { return (byte[])Subject.doAs(subject, new CreateServiceTicketAction(context, token)); } catch (PrivilegedActionException e) { @@ -149,7 +151,12 @@ public abstract class AbstractSpnegoAuthSupplier { return null; } } - + +// Allow subclasses to decorate the Subject if required. +protected void decorateSubject(Subject subject) { + +}
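Review bot: `decorateSubject(subject)` is called unconditionally right before `Subject.doAs`, but nothing in the hunk shows `subject` to be non-null, and `Subject.doAs` itself accepts a null subject, so an override that dereferences the argument could fail where the base class did not. Either guard the call, `if (subject != null) { decorateSubject(subject); }`, or state in the hook's documentation that the argument may be null. The hook is also skipped on the `delegatedCred != null` early return above it, so the `//` comment would be better as Javadoc along the lines of `/** Called before the service ticket is requested; not called when a delegated credential is used. subject may be null. */`. The same applies to the master commit ec7a5296 (`@@ -138,6 +138,8 @@` and `@@ -149,6 +151,11 @@`); the enclosing method begins outside the hunk.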
cxf git commit: Add some hooks to either set or get some information relating to the kerberos authentication process
Repository: cxf Updated Branches: refs/heads/master 4080fbafc -> ec7a52968 Add some hooks to either set or get some information relating to the kerberos authentication process Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ec7a5296 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ec7a5296 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ec7a5296 Branch: refs/heads/master Commit: ec7a52968e8e4d9e7727a7798b293389c1a3dd29 Parents: 4080fba Author: Colm O hEigeartaighAuthored: Fri Sep 8 15:42:03 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Sep 8 15:42:03 2017 +0100 -- .../jaxrs/security/KerberosAuthenticationFilter.java | 13 - .../http/auth/AbstractSpnegoAuthSupplier.java | 7 +++ .../cxf/ws/security/kerberos/KerberosClient.java | 6 +- 3 files changed, 20 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/ec7a5296/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java -- diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java index 0111022..924057a 100644 --- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java +++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java 
@@ -105,15 +105,13 @@ public class KerberosAuthenticationFilter implements ContainerRequestFilter { if (index > 0) { simpleUserName = simpleUserName.substring(0, index); } +Message m = JAXRSUtils.getCurrentMessage(); +m.put(SecurityContext.class, createSecurityContext(simpleUserName, complexUserName, gssContext)); + if (!gssContext.getCredDelegState()) { gssContext.dispose(); gssContext = null; } -Message m = JAXRSUtils.getCurrentMessage(); -m.put(SecurityContext.class, -new KerberosSecurityContext(new KerberosPrincipal(simpleUserName, - complexUserName), -gssContext)); } catch (LoginException e) { LOG.fine("Unsuccessful JAAS login for the service principal: " + e.getMessage()); @@ -127,6 +125,11 @@ public class KerberosAuthenticationFilter implements ContainerRequestFilter { } } +protected SecurityContext createSecurityContext(String simpleUserName, String complexUserName, +GSSContext gssContext) { +return new KerberosSecurityContext(new KerberosPrincipal(simpleUserName, complexUserName), gssContext); +} + protected GSSContext createGSSContext() throws GSSException { boolean useKerberosOid = PropertyUtils.isTrue( messageContext.getContextualProperty(PROPERTY_USE_KERBEROS_OID)); http://git-wip-us.apache.org/repos/asf/cxf/blob/ec7a5296/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java -- diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java index 464610f..2129e29 100644 --- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java +++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java 
@@ -138,6 +138,8 @@ public abstract class AbstractSpnegoAuthSupplier { return context.initSecContext(token, 0, token.length); } +decorateSubject(subject); + try { return Subject.doAs(subject, new CreateServiceTicketAction(context, token)); } catch (PrivilegedActionException e) { @@ -149,6 +151,11 @@ public abstract class AbstractSpnegoAuthSupplier { } } +// Allow subclasses to decorate the Subject if required. +protected void decorateSubject(Subject subject) { + +} + protected boolean isCredDelegationRequired(Message message) { return MessageUtils.getContextualBoolean(message, PROPERTY_REQUIRE_CRED_DELEGATION, credDelegation); } http://git-wip-us.apache.org/repos/asf/cxf/blob/ec7a5296/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
cxf-fediz git commit: Adding an option to strip a path comp off from the dynamically calculated issuer uri
Repository: cxf-fediz Updated Branches: refs/heads/master bbe3cd4d2 -> 3aa1e51c1 Adding an option to strip a path comp off from the dynamically calculated issuer uri Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3aa1e51c Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3aa1e51c Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3aa1e51c Branch: refs/heads/master Commit: 3aa1e51c19084c93b6e2b6ecc89b0181db137139 Parents: bbe3cd4 Author: Sergey BeryozkinAuthored: Fri Sep 8 11:58:40 2017 +0100 Committer: Sergey Beryozkin Committed: Fri Sep 8 12:00:11 2017 +0100 -- .../fediz/service/oidc/FedizSubjectCreator.java | 18 +- 1 file changed, 17 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3aa1e51c/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java -- diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java index 8479895..08e63dc 100644 --- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java +++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java @@ -18,6 +18,7 @@ */ package org.apache.cxf.fediz.service.oidc; +import java.net.URI; import java.security.Principal; import java.util.ArrayList; import java.util.Arrays; @@ -51,6 +52,7 @@ import org.opensaml.saml.saml2.core.Issuer; public class FedizSubjectCreator implements SubjectCreator { private static final String ROLES_SCOPE = "roles"; +private boolean stripPathFromIssuerUri; private String issuer; private long defaultTimeToLive = 3600L; private Map supportedClaims = Collections.emptyMap(); 
@@ -133,7 +135,17 @@ public class FedizSubjectCreator implements SubjectCreator { String realIssuer = null; if (issuer.startsWith("/")) { UriBuilder ub = mc.getUriInfo().getBaseUriBuilder(); -realIssuer = ub.path(issuer).build().toString(); +URI uri = ub.path(issuer).build(); +if (this.stripPathFromIssuerUri) { +StringBuilder sb = new StringBuilder(); + sb.append(uri.getScheme()).append("://").append(uri.getHost()); +if (uri.getPort() != -1) { +sb.append(':').append(uri.getPort()); +} +realIssuer = sb.toString(); +} else { +realIssuer = uri.toString(); +} } else { realIssuer = issuer; } @@ -257,4 +269,8 @@ public class FedizSubjectCreator implements SubjectCreator { this.supportedClaims = supportedClaims; } +public void setStripPathFromIssuerUri(boolean stripPathFromIssuerUri) { +this.stripPathFromIssuerUri = stripPathFromIssuerUri; +} + }
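Review bot: The stripped issuer is assembled from `uri.getHost()` without a null check, and `java.net.URI.getHost()` returns null when the authority is not a valid server-based one (a host name containing an underscore, for instance), which would produce the literal issuer `scheme://null`. As `realIssuer` presumably ends up as the issuer value that relying parties compare against, reject that case explicitly before the `StringBuilder` is filled, e.g. `if (uri.getHost() == null) { throw new IllegalStateException("No host in base URI " + uri); }`. The option also drops the whole path rather than a single component as the commit title suggests, so the setter in the `@@ -257,4 +269,8 @@` hunk deserves a line such as `/** If true, a relative issuer resolves to scheme://host[:port] of the base URI, without any path. */`. The enclosing method starts outside the hunk.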