[gatein-issues] [JBoss JIRA] Moved: (GTNWSRP-127) WSRP Identity Propagation users WSRP user context and should use WS-Security

Chris Laprun (JIRA) jira-events at lists.jboss.org
Thu Oct 28 09:38:04 EDT 2010


     [ https://jira.jboss.org/browse/GTNWSRP-127?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris Laprun moved JBPORTAL-2468 to GTNWSRP-127:
------------------------------------------------

        Project: GateIn WSRP  (was: JBoss Portal)
            Key: GTNWSRP-127  (was: JBPORTAL-2468)
    Component/s:     (was: Portal WSRP)


> WSRP Identity Propagation users WSRP user context and should use WS-Security
> ----------------------------------------------------------------------------
>
>                 Key: GTNWSRP-127
>                 URL: https://jira.jboss.org/browse/GTNWSRP-127
>             Project: GateIn WSRP
>          Issue Type: Bug
>         Environment: EPP 4.3 CP03
>            Reporter: Aaron Pestel
>            Assignee: Chris Laprun
>
> The current WSRP implementation passes the username via the WSRP user context, which according to the spec is not the purpose of the user context.
> I have created a wiki that offers a potential solution. It involves two jax-rpc handlers (one to generate the ws-security header on the consumer and one to parse and authenticate the ws-security header on the producer). In addition, org/jboss/portal/wsrp/producer/RequestProcessor.java needs to be changed to use the authenticated user's context rather than the information passed in the wsrp user context. Source code for these pieces is in the JARs at this wiki: http://community.jboss.org/wiki/JBossEPP43-WSRPwithWS-SecurityandSSL
> Here is the current implementation of RequestProcessor that pulls security information from the WSRP user context, followed by my proposed implementation:
> -------------------------------------------------------------------------------------------
>    // fix-me: check that the correct semantics is used.
>    private SecurityContext createSecurityContext(final MarkupParams params, final RuntimeContext runtimeContext,
>                                                  final org.jboss.portal.wsrp.core.UserContext wsrpUserContext)
>    {
>       return new SecurityContext()
>       {
>          public boolean isSecure()
>          {
>             return params.isSecureClientCommunication();
>          }
>          public String getAuthType()
>          {
>             return runtimeContext.getUserAuthentication();
>          }
>          public String getRemoteUser()
>          {
>             if (wsrpUserContext != null)
>             {
>                return wsrpUserContext.getUserContextKey();
>             }
>             return null;
>          }
>          public Principal getUserPrincipal()
>          {
>             return null;
>          }
>          public boolean isUserInRole(String roleName)
>          {
>             return wsrpUserContext != null && Tools.isContainedIn(roleName, wsrpUserContext.getUserCategories());
>          }
>          public boolean isAuthenticated()
>          {
>             return wsrpUserContext != null;
>          }
>       };
>    }
> ------------------------------------------------------------------------------------------- 
> -------------------------------------------------------------------------------------------
>    // fix-me: check that the correct semantics is used.
>    private SecurityContext createSecurityContext(final MarkupParams params, final RuntimeContext runtimeContext,
>                                                  final org.jboss.portal.wsrp.core.UserContext wsrpUserContext)
>    {
>       final Request r = ((org.apache.catalina.connector.Request)(SecurityAssociationValve.activeRequest.get()));
>       return new SecurityContext()
>       {
>          public boolean isSecure()
>          {
>             return r.isSecure();
>          }
>          public String getAuthType()
>          {
>             return r.getAuthType();
>          }
>          public String getRemoteUser()
>          {
>             return r.getRemoteUser();
>          }
>          public Principal getUserPrincipal()
>          {
>             return r.getUserPrincipal();
>          }
>          public boolean isUserInRole(String roleName)
>          {
>             return r.isUserInRole(roleName);
>          }
>          public boolean isAuthenticated()
>          {
>             return r.getUserPrincipal() != null;
>          }
>          }
>       };
>    }
> -------------------------------------------------------------------------------------------
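
An added example (not from the issue, the wiki JARs, or the GateIn code base) of the producer-side step the report describes: the user name is taken only from a WS-Security header that passes a credential check, and identity claims in the WSRP body are ignored. It assumes a plain-text UsernameToken sent over SSL; the class name, the `login` check, and the simplified sample message are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.function.BiPredicate;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class WsseIdentityExample {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Returns the single descendant element ns:name of parent, or null if absent or repeated.
    static Element only(Element parent, String ns, String name) {
        if (parent == null) return null;
        NodeList l = parent.getElementsByTagNameNS(ns, name);
        return l.getLength() == 1 ? (Element) l.item(0) : null;
    }

    // Producer side: authenticated user name from the WS-Security header, or null (fail closed).
    // 'login' is a hypothetical stand-in for the container's credential check.
    static String authenticate(String soapXml, BiPredicate<String, String> login) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs
        Element env = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(soapXml.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        Element token = only(only(only(env, SOAP, "Header"), WSSE, "Security"), WSSE, "UsernameToken");
        Element user = only(token, WSSE, "Username");
        Element pass = only(token, WSSE, "Password");
        if (user == null || pass == null) return null; // missing or ambiguous token
        String name = user.getTextContent().trim();
        return !name.isEmpty() && login.test(name, pass.getTextContent()) ? name : null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed message: the body names "admin", the WS-Security header carries "alice".
        String msg = "<s:Envelope xmlns:s='" + SOAP + "' xmlns:wsse='" + WSSE + "'>"
            + "<s:Header><wsse:Security><wsse:UsernameToken>"
            + "<wsse:Username>alice</wsse:Username><wsse:Password>correct-horse</wsse:Password>"
            + "</wsse:UsernameToken></wsse:Security></s:Header>"
            + "<s:Body><userContext><userContextKey>admin</userContextKey></userContext></s:Body>"
            + "</s:Envelope>";
        BiPredicate<String, String> login = (u, p) -> u.equals("alice") && p.equals("correct-horse");
        System.out.println(authenticate(msg, login));                               // valid token
        System.out.println(authenticate(msg.replace("correct-horse", "x"), login)); // bad password
        System.out.println(authenticate(msg.replaceAll("<s:Header>.*</s:Header>", ""), login)); // no header
    }
}
```

The `userContextKey` in the body never reaches the result: a request is attributed to the header's user only after the credential check succeeds, and is otherwise treated as unauthenticated.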
