cxf git commit: Recording .gitmergeinfo Changes

[coheigea]

Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes f269b76c5 -> bfc82958d


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/bfc82958
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/bfc82958
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/bfc82958

Branch: refs/heads/3.0.x-fixes
Commit: bfc82958d2cf329bd622eb80184a0eb88894eb3d
Parents: f269b76
Author: Colm O hEigeartaigh 
Authored: Fri Sep 8 15:45:31 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Sep 8 15:45:31 2017 +0100

--
 .gitmergeinfo | 2 ++
 1 file changed, 2 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/bfc82958/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index bb4bf49..7ea563d 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -1003,6 +1003,7 @@ B 817727ddca9aad39a66f7001bf5f1c959dc7f581
 B 81a7a670b8abe2145f51dcee0b8a49c6587603d6
 B 81bc682a409806567fc3485157e184e72feaf086
 B 81ed24d9802d8d82775e27c3326a58098ee883e8
+B 82581d6d720c0c1db73df0c128b3371ad9d734f8
 B 826c9625710b4aac2a3d5bacd3858b57de5e0955
 B 82ac9402b836ff58a131ed1c86226072ea267b42
 B 82c4bff5276cc32490507fba4cb9d18539d41907
@@ -1410,6 +1411,7 @@ B b5fc90f09c6b039a54564e0825a264310453c550
 B b6018a47e19bf98ad405baf51e363eae9972f4dd
 B b60702df6f4f8a651395999ee7cc583bb89589e3
 B b63c63ffeb1f8d4e747ba2e9233be6aa635c00db
+B b64da86f676f3ce69100b729a2fc128c72665512
 B b6547f75a198e8b345c120b0b4f71f198b044660
 B b6577a8fa68235fb8bb0103681906289bcf5e069
 B b67537dbace0896073b55b375b8ccdc4cce83365

[1/2] cxf git commit: Recording .gitmergeinfo Changes

[coheigea]

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes fe33fcedc -> b64da86f6


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b64da86f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b64da86f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b64da86f

Branch: refs/heads/3.1.x-fixes
Commit: b64da86f676f3ce69100b729a2fc128c72665512
Parents: 82581d6
Author: Colm O hEigeartaigh 
Authored: Fri Sep 8 15:45:15 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Sep 8 15:45:15 2017 +0100

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/b64da86f/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index ad72e81..049d4e5 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -887,6 +887,7 @@ M e92e57c1f14de911cd2315a907443c79e91a94de
 M ea97f3dd62a3a271faf7f363aca618d921c14abb
 M eb14ce9206bc43371f149f9d0b1c6e8e2682e5c0
 M eb31ffe4f95c4dc6ac9a2ac56e15ae89b578359e
+M ec7a52968e8e4d9e7727a7798b293389c1a3dd29
 M ed9298066428c0dfc4590a556876d696a4ba13c0
 M edae59057fd9061ee332667e4f2e066d5cad1f31
 M ee248ce7a4a1b04bcbddbdcef82d695ccc140160

[2/2] cxf git commit: Add some hooks to either set or get some information relating to the kerberos authentication process

[coheigea]

Add some hooks to either set or get some information relating to the kerberos 
authentication process

# Conflicts:
#   
rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
#   
rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/82581d6d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/82581d6d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/82581d6d

Branch: refs/heads/3.1.x-fixes
Commit: 82581d6d720c0c1db73df0c128b3371ad9d734f8
Parents: fe33fce
Author: Colm O hEigeartaigh 
Authored: Fri Sep 8 15:42:03 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Sep 8 15:45:15 2017 +0100

--
 .../jaxrs/security/KerberosAuthenticationFilter.java  | 14 --
 .../http/auth/AbstractSpnegoAuthSupplier.java | 11 +--
 .../cxf/ws/security/kerberos/KerberosClient.java  |  6 +-
 3 files changed, 22 insertions(+), 9 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/82581d6d/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
--
diff --git 
a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
 
b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
index 3390104..e3cd617 100644
--- 
a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
+++ 
b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
@@ -105,16 +105,13 @@ public class KerberosAuthenticationFilter implements 
ContainerRequestFilter {
 if (index > 0) {
 simpleUserName = simpleUserName.substring(0, index);
 }
+Message m = JAXRSUtils.getCurrentMessage();
+m.put(SecurityContext.class, createSecurityContext(simpleUserName, 
complexUserName, gssContext));
+
 if (!gssContext.getCredDelegState()) {
 gssContext.dispose();
 gssContext = null;
 }
-Message m = JAXRSUtils.getCurrentMessage();
-m.put(SecurityContext.class, 
-new KerberosSecurityContext(new 
KerberosPrincipal(simpleUserName,
-  
complexUserName),
-gssContext));
-
 } catch (LoginException e) {
 LOG.fine("Unsuccessful JAAS login for the service principal: " + 
e.getMessage());
 throw ExceptionUtils.toNotAuthorizedException(e, 
getFaultResponse());
@@ -127,6 +124,11 @@ public class KerberosAuthenticationFilter implements 
ContainerRequestFilter {
 }
 }
 
+protected SecurityContext createSecurityContext(String simpleUserName, 
String complexUserName,
+GSSContext gssContext) {
+return new KerberosSecurityContext(new 
KerberosPrincipal(simpleUserName, complexUserName), gssContext);
+}
+
 protected GSSContext createGSSContext() throws GSSException {
 boolean useKerberosOid = MessageUtils.isTrue(
 messageContext.getContextualProperty(PROPERTY_USE_KERBEROS_OID));

http://git-wip-us.apache.org/repos/asf/cxf/blob/82581d6d/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
--
diff --git 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
index 172d110..f62947e 100644
--- 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
+++ 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
@@ -138,7 +138,9 @@ public abstract class AbstractSpnegoAuthSupplier {
 if (delegatedCred != null) {
 return context.initSecContext(token, 0, token.length);
 }
-
+
+decorateSubject(subject);
+
 try {
 return (byte[])Subject.doAs(subject, new 
CreateServiceTicketAction(context, token));
 } catch (PrivilegedActionException e) {
@@ -149,7 +151,12 @@ public abstract class AbstractSpnegoAuthSupplier {
 return null;
 }
 }
-
+
+// Allow subclasses to decorate the Subject if required.
+protected void decorateSubject(Subject subject) {
+
+}

cxf git commit: Add some hooks to either set or get some information relating to the kerberos authentication process

[coheigea]

Repository: cxf
Updated Branches:
  refs/heads/master 4080fbafc -> ec7a52968


Add some hooks to either set or get some information relating to the kerberos 
authentication process


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ec7a5296
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ec7a5296
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ec7a5296

Branch: refs/heads/master
Commit: ec7a52968e8e4d9e7727a7798b293389c1a3dd29
Parents: 4080fba
Author: Colm O hEigeartaigh 
Authored: Fri Sep 8 15:42:03 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Sep 8 15:42:03 2017 +0100

--
 .../jaxrs/security/KerberosAuthenticationFilter.java   | 13 -
 .../http/auth/AbstractSpnegoAuthSupplier.java  |  7 +++
 .../cxf/ws/security/kerberos/KerberosClient.java   |  6 +-
 3 files changed, 20 insertions(+), 6 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/ec7a5296/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
--
diff --git 
a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
 
b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
index 0111022..924057a 100644
--- 
a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
+++ 
b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java
@@ -105,15 +105,13 @@ public class KerberosAuthenticationFilter implements 
ContainerRequestFilter {
 if (index > 0) {
 simpleUserName = simpleUserName.substring(0, index);
 }
+Message m = JAXRSUtils.getCurrentMessage();
+m.put(SecurityContext.class, createSecurityContext(simpleUserName, 
complexUserName, gssContext));
+
 if (!gssContext.getCredDelegState()) {
 gssContext.dispose();
 gssContext = null;
 }
-Message m = JAXRSUtils.getCurrentMessage();
-m.put(SecurityContext.class,
-new KerberosSecurityContext(new 
KerberosPrincipal(simpleUserName,
-  
complexUserName),
-gssContext));
 
 } catch (LoginException e) {
 LOG.fine("Unsuccessful JAAS login for the service principal: " + 
e.getMessage());
@@ -127,6 +125,11 @@ public class KerberosAuthenticationFilter implements 
ContainerRequestFilter {
 }
 }
 
+protected SecurityContext createSecurityContext(String simpleUserName, 
String complexUserName,
+GSSContext gssContext) {
+return new KerberosSecurityContext(new 
KerberosPrincipal(simpleUserName, complexUserName), gssContext);
+}
+
 protected GSSContext createGSSContext() throws GSSException {
 boolean useKerberosOid = PropertyUtils.isTrue(
 messageContext.getContextualProperty(PROPERTY_USE_KERBEROS_OID));

http://git-wip-us.apache.org/repos/asf/cxf/blob/ec7a5296/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
--
diff --git 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
index 464610f..2129e29 100644
--- 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
+++ 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
@@ -138,6 +138,8 @@ public abstract class AbstractSpnegoAuthSupplier {
 return context.initSecContext(token, 0, token.length);
 }
 
+decorateSubject(subject);
+
 try {
 return Subject.doAs(subject, new 
CreateServiceTicketAction(context, token));
 } catch (PrivilegedActionException e) {
@@ -149,6 +151,11 @@ public abstract class AbstractSpnegoAuthSupplier {
 }
 }
 
+// Allow subclasses to decorate the Subject if required.
+protected void decorateSubject(Subject subject) {
+
+}
+
 protected boolean isCredDelegationRequired(Message message) {
 return MessageUtils.getContextualBoolean(message, 
PROPERTY_REQUIRE_CRED_DELEGATION, credDelegation);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/ec7a5296/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java

cxf-fediz git commit: Adding an option to strip a path comp off from the dynamically calculated issuer uri

[sergeyb]

Repository: cxf-fediz
Updated Branches:
  refs/heads/master bbe3cd4d2 -> 3aa1e51c1


Adding an option to strip a path comp off from the dynamically calculated 
issuer uri


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3aa1e51c
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3aa1e51c
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3aa1e51c

Branch: refs/heads/master
Commit: 3aa1e51c19084c93b6e2b6ecc89b0181db137139
Parents: bbe3cd4
Author: Sergey Beryozkin 
Authored: Fri Sep 8 11:58:40 2017 +0100
Committer: Sergey Beryozkin 
Committed: Fri Sep 8 12:00:11 2017 +0100

--
 .../fediz/service/oidc/FedizSubjectCreator.java   | 18 +-
 1 file changed, 17 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3aa1e51c/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
--
diff --git 
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
 
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
index 8479895..08e63dc 100644
--- 
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
+++ 
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.fediz.service.oidc;
 
+import java.net.URI;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -51,6 +52,7 @@ import org.opensaml.saml.saml2.core.Issuer;
 
 public class FedizSubjectCreator implements SubjectCreator {
 private static final String ROLES_SCOPE = "roles";
+private boolean stripPathFromIssuerUri;
 private String issuer;
 private long defaultTimeToLive = 3600L;
 private Map supportedClaims = Collections.emptyMap();
@@ -133,7 +135,17 @@ public class FedizSubjectCreator implements SubjectCreator 
{
 String realIssuer = null;
 if (issuer.startsWith("/")) {
 UriBuilder ub = mc.getUriInfo().getBaseUriBuilder();
-realIssuer = ub.path(issuer).build().toString();
+URI uri = ub.path(issuer).build();
+if (this.stripPathFromIssuerUri) {
+StringBuilder sb = new StringBuilder();
+
sb.append(uri.getScheme()).append("://").append(uri.getHost());
+if (uri.getPort() != -1) {
+sb.append(':').append(uri.getPort());
+}
+realIssuer = sb.toString();
+} else {
+realIssuer = uri.toString();
+}
 } else {
 realIssuer = issuer;
 }
@@ -257,4 +269,8 @@ public class FedizSubjectCreator implements SubjectCreator {
 this.supportedClaims = supportedClaims;
 }
 
+public void setStripPathFromIssuerUri(boolean stripPathFromIssuerUri) {
+this.stripPathFromIssuerUri = stripPathFromIssuerUri;
+}
+
 }