[gatein-commits] gatein SVN: r8437 - in epp/portal/branches/EPP_5_2_Branch: component/web/security/src/main/java/org/exoplatform/web/login and 5 other directories.

Author: mposolda Date: 2012-02-20 11:39:02 -0500 (Mon, 20 Feb 2012) New Revision: 8437 Added: epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistry.java epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistryImpl.java epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistryListener.java epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/wss/ConversationStateCredentialsAccessor.java Modified: epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/login/DoLoginServlet.java epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/login/GateinWCIController.java epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/login/RememberMeFilter.java epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginController.java epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java epp/portal/branches/EPP_5_2_Branch/pom.xml epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/conf/common/common-configuration.xml epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/web.xml epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/wss/JBoss5WSSServiceIntegration.java epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-ear-as5/src/main/application/lib/jboss5integration.jar/conf/configuration.xml Log: Bug 793651 ( JBEPP-729 ) - Upgrade WCI and WSRP - Get rid of credentials from HTTP Session Modified: epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/login/DoLoginServlet.java =================================================================== --- epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/login/DoLoginServlet.java 2012-02-20 13:23:45 UTC (rev 8436) +++ epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/login/DoLoginServlet.java 2012-02-20 16:39:02 UTC (rev 8437) @@ -19,11 +19,14 @@ package org.exoplatform.web.login; +import org.exoplatform.container.web.AbstractHttpServlet; +import org.exoplatform.services.security.ConversationState; +import org.exoplatform.web.security.AuthenticationRegistry; import org.gatein.common.logging.Logger; import org.gatein.common.logging.LoggerFactory; +import org.gatein.wci.security.Credentials; import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; @@ -33,7 +36,7 @@ /** * @author <a href="mailto:julien.viet@exoplatform.com">Julien Viet</a> */ -public class DoLoginServlet extends HttpServlet +public class DoLoginServlet extends AbstractHttpServlet { /** . */ @@ -65,7 +68,39 @@ initialURI = req.getContextPath(); } + // Now user is successfuly authenticated, so that we can remove credentials from temporary AuthenticationRegistry + // and add them to ConversationState + Credentials credentials = removeCredentialsFromRegistry(req); + setCredentialsToConversationState(credentials); + // resp.sendRedirect(resp.encodeRedirectURL(initialURI)); } + + /** + * Remove credentials from temporary AuthenticationRegistry because authentication of user is now finished. + * + * @param req + * @return credentials,which were removed from AuthenticationRegistry + */ + protected Credentials removeCredentialsFromRegistry(HttpServletRequest req) + { + AuthenticationRegistry authenticationRegistry = (AuthenticationRegistry)getContainer().getComponentInstanceOfType(AuthenticationRegistry.class); + return authenticationRegistry.removeCredentials(req); + } + + /** + * Add credentials to {@link ConversationState}. + * + * @param credentials + */ + protected void setCredentialsToConversationState(Credentials credentials) + { + ConversationState currentConversationState = ConversationState.getCurrent(); + if (currentConversationState != null && credentials != null) + { + log.debug("Adding credentials to conversationState for user " + credentials.getUsername()); + currentConversationState.setAttribute(Credentials.CREDENTIALS, credentials); + } + } } Modified: epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/login/GateinWCIController.java =================================================================== --- epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/login/GateinWCIController.java 2012-02-20 13:23:45 UTC (rev 8436) +++ epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/login/GateinWCIController.java 2012-02-20 16:39:02 UTC (rev 8437) @@ -19,6 +19,9 @@ package org.exoplatform.web.login; +import org.exoplatform.container.PortalContainer; +import org.exoplatform.web.security.AuthenticationRegistry; +import org.exoplatform.web.security.PortalLoginModule; import org.gatein.wci.security.Credentials; import org.gatein.wci.security.WCIController; @@ -94,7 +97,17 @@ @Override public Credentials getCredentials(final HttpServletRequest req, final HttpServletResponse resp) { - return (Credentials)req.getSession().getAttribute(Credentials.CREDENTIALS); + AuthenticationRegistry credRegistry = (AuthenticationRegistry)PortalContainer.getCurrentInstance(servletContext). + getComponentInstanceOfType(AuthenticationRegistry.class); + Credentials credentials = credRegistry.getCredentials(req); + + // Try to find AuthenticatedCredentials in HTTP session + if (credentials == null) + { + credentials = (Credentials)req.getSession().getAttribute(PortalLoginModule.AUTHENTICATED_CREDENTIALS); + } + + return credentials; } @Override Modified: epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/login/RememberMeFilter.java =================================================================== --- epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/login/RememberMeFilter.java 2012-02-20 13:23:45 UTC (rev 8436) +++ epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/login/RememberMeFilter.java 2012-02-20 16:39:02 UTC (rev 8437) @@ -21,6 +21,7 @@ import org.exoplatform.container.ExoContainer; import org.exoplatform.container.web.AbstractFilter; +import org.exoplatform.web.security.AuthenticationRegistry; import org.exoplatform.web.security.security.CookieTokenService; import org.exoplatform.web.controller.router.PercentEncoding; import org.gatein.common.logging.Logger; @@ -68,7 +69,9 @@ token, false); if (o instanceof Credentials) { - req.getSession().setAttribute(Credentials.CREDENTIALS, o); + AuthenticationRegistry authenticationRegistry = (AuthenticationRegistry)getContainer().getComponentInstanceOfType(AuthenticationRegistry.class); + authenticationRegistry.setCredentials(req, (Credentials)o); + resp.sendRedirect(resp.encodeRedirectURL( loginUrl( req.getContextPath(), Added: epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistry.java =================================================================== --- epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistry.java (rev 0) +++ epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistry.java 2012-02-20 16:39:02 UTC (rev 8437) @@ -0,0 +1,53 @@ +/* + * JBoss, a division of Red Hat + * Copyright 2012, Red Hat Middleware, LLC, and individual + * contributors as indicated by the @authors tag. See the + * copyright.txt in the distribution for a full listing of + * individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.exoplatform.web.security; + +import org.gatein.wci.security.Credentials; + +import javax.servlet.http.HttpServletRequest; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.ConcurrentMap; + +/** + * Temporary registry for hold credentials (and potentially other attributes) during login process. + * + * + * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a> + */ +public interface AuthenticationRegistry +{ + + public Credentials getCredentials(HttpServletRequest request); + + + public void setCredentials(HttpServletRequest request, Credentials credentials); + + + public Credentials removeCredentials(HttpServletRequest request); + + + public void removeClient(String sessionId); + +} Added: epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistryImpl.java =================================================================== --- epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistryImpl.java (rev 0) +++ epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistryImpl.java 2012-02-20 16:39:02 UTC (rev 8437) @@ -0,0 +1,125 @@ +/* + * JBoss, a division of Red Hat + * Copyright 2012, Red Hat Middleware, LLC, and individual + * contributors as indicated by the @authors tag. See the + * copyright.txt in the distribution for a full listing of + * individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.exoplatform.web.security; + +import org.gatein.common.logging.Logger; +import org.gatein.common.logging.LoggerFactory; +import org.gatein.wci.security.Credentials; + +import javax.servlet.http.HttpServletRequest; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.ConcurrentMap; + +/** + * Temporary registry for hold credentials (and potentially other attributes) during login process to avoid store them in session. + * Registry is used only during authentication process and attributes of target client are cleared after successful authentication, + * + * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a> + */ +public class AuthenticationRegistryImpl implements AuthenticationRegistry +{ + private static final Logger log = LoggerFactory.getLogger(AuthenticationRegistryImpl.class); + + // Key is ID of HTTP Session. Value is map with various attributes of single client (session), + // which will be used during authentication process. + private final ConcurrentMap<String, Map<String, Object>> registry = new ConcurrentHashMap<String, Map<String, Object>>(); + + + public Credentials getCredentials(HttpServletRequest request) + { + String sessionId = getSessionId(request); + Map<String, Object> attributesOfClient = registry.get(sessionId); + + if (attributesOfClient == null) + { + return null; + } + + return (Credentials)attributesOfClient.get(Credentials.CREDENTIALS); + } + + + public void setCredentials(HttpServletRequest request, Credentials credentials) + { + String sessionId = getSessionId(request); + + Map<String, Object> attributesOfClient = getAttributesOfClient(sessionId); + attributesOfClient.put(Credentials.CREDENTIALS, credentials); + } + + + public Credentials removeCredentials(HttpServletRequest request) + { + String sessionId = getSessionId(request); + + Map<String, Object> attributesOfClient = getAttributesOfClient(sessionId); + + Credentials credentials = (Credentials)attributesOfClient.remove(Credentials.CREDENTIALS); + + // Clear map if no more attributes are here. + if (attributesOfClient.size() == 0) + { + removeClient(sessionId); + } + + return credentials; + } + + + public void removeClient(String sessionId) + { + registry.remove(sessionId); + + if (log.isTraceEnabled()) + { + log.trace("Entry cleared for session " + sessionId); + } + } + + + private Map<String, Object> getAttributesOfClient(String sessionId) + { + Map<String, Object> attributes = registry.get(sessionId); + + if (attributes == null) + { + attributes = new ConcurrentHashMap<String, Object>(); + registry.putIfAbsent(sessionId, attributes); + + if (log.isTraceEnabled()) + { + log.trace("New entry created in AuthenticationRegistry for session " + sessionId); + } + } + + return registry.get(sessionId); + } + + + private String getSessionId(HttpServletRequest req) + { + return req.getSession().getId(); + } +} Added: epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistryListener.java =================================================================== --- epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistryListener.java (rev 0) +++ epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistryListener.java 2012-02-20 16:39:02 UTC (rev 8437) @@ -0,0 +1,56 @@ +/* + * JBoss, a division of Red Hat + * Copyright 2012, Red Hat Middleware, LLC, and individual + * contributors as indicated by the @authors tag. See the + * copyright.txt in the distribution for a full listing of + * individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.exoplatform.web.security; + +import org.exoplatform.container.ExoContainer; +import org.exoplatform.container.web.AbstractHttpSessionListener; + +import javax.servlet.http.HttpSessionEvent; + +/** + * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a> + */ +public class AuthenticationRegistryListener extends AbstractHttpSessionListener +{ + + @Override + protected boolean requirePortalEnvironment() + { + return true; + } + + + @Override + protected void onSessionCreated(ExoContainer container, HttpSessionEvent event) + { + } + + + @Override + protected void onSessionDestroyed(ExoContainer container, HttpSessionEvent event) + { + AuthenticationRegistry authenticationRegistry = (AuthenticationRegistry)container.getComponentInstanceOfType(AuthenticationRegistry.class); + authenticationRegistry.removeClient(event.getSession().getId()); + } +} Modified: epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginController.java =================================================================== --- epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginController.java 2012-02-20 13:23:45 UTC (rev 8436) +++ epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginController.java 2012-02-20 16:39:02 UTC (rev 8437) @@ -19,6 +19,7 @@ package org.exoplatform.web.security; +import org.exoplatform.container.ExoContainerContext; import org.exoplatform.web.login.InitiateLoginServlet; import org.exoplatform.web.security.security.AbstractTokenService; import org.exoplatform.web.security.security.CookieTokenService; @@ -28,6 +29,7 @@ import org.gatein.wci.security.WCILoginController; import java.io.IOException; +import java.net.URLEncoder; import javax.servlet.ServletException; import javax.servlet.http.Cookie; @@ -63,7 +65,7 @@ { //Create token AbstractTokenService tokenService = AbstractTokenService.getInstance(CookieTokenService.class); - Credentials credentials = (Credentials)req.getSession().getAttribute(Credentials.CREDENTIALS); + Credentials credentials = getCredentials(req); String cookieToken = tokenService.createToken(credentials); log.debug("Found a remember me request parameter, created a persistent token " + cookieToken + " for it and set it up " + @@ -94,4 +96,34 @@ String redirectURI = req.getContextPath() + "/dologin?initialURI=" + uri; resp.sendRedirect(resp.encodeRedirectURL(redirectURI)); } + + /** + * Read credentials from ConversationState instead of HTTP session. + * + * @param req + * @return credentials + */ + @Override + protected Credentials getCredentials(HttpServletRequest req) + { + return getAuthenticationRegistry(req).getCredentials(req); + } + + /** + * Set credentials to ConversationState instead of HTTP session + * + * @param req + * @param credentials + */ + @Override + protected void setCredentials(HttpServletRequest req, Credentials credentials) + { + getAuthenticationRegistry(req).setCredentials(req, credentials); + } + + private AuthenticationRegistry getAuthenticationRegistry(HttpServletRequest req) + { + return (AuthenticationRegistry) ExoContainerContext.getCurrentContainer(). + getComponentInstanceOfType(AuthenticationRegistry.class); + } } Modified: epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java =================================================================== --- epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java 2012-02-20 13:23:45 UTC (rev 8436) +++ epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java 2012-02-20 16:39:02 UTC (rev 8437) @@ -169,7 +169,6 @@ else { request.getSession().setAttribute(AUTHENTICATED_CREDENTIALS, wc); - handleCredentialsRemoving(request); } } catch(Exception e) @@ -187,6 +186,13 @@ */ public boolean abort() throws LoginException { + HttpServletRequest request = getCurrentHttpServletRequest(); + + if (request != null) + { + handleCredentialsRemoving(request); + } + return true; } @@ -210,14 +216,24 @@ } /** - * Remove credentials of authenticated user from HTTP session. + * Remove credentials of authenticated user from AuthenticationRegistry. * * @param request httpRequest */ protected void handleCredentialsRemoving(HttpServletRequest request) { - // TODO: We can't remove credentials from HTTP session right now because WSRP-Security relies on it. See method WSSecurityCredentialHelper.handleRequest - // request.getSession().removeAttribute(Credentials.CREDENTIALS); + try + { + AuthenticationRegistry authenticationRegistry = (AuthenticationRegistry)getContainer().getComponentInstanceOfType(AuthenticationRegistry.class); + if (request != null) + { + authenticationRegistry.removeCredentials(request); + } + } + catch (Exception e) + { + log.debug("Unable to remove credentials from credentialsRegistry.", e); + } } private HttpServletRequest getCurrentHttpServletRequest() Modified: epp/portal/branches/EPP_5_2_Branch/pom.xml =================================================================== --- epp/portal/branches/EPP_5_2_Branch/pom.xml 2012-02-20 13:23:45 UTC (rev 8436) +++ epp/portal/branches/EPP_5_2_Branch/pom.xml 2012-02-20 16:39:02 UTC (rev 8437) @@ -50,10 +50,10 @@ <org.gatein.parent.version>1.1.0-GA</org.gatein.parent.version> <org.gatein.common.version>2.0.4-GA</org.gatein.common.version> <org.gatein.dep.version>1.1.0-GA</org.gatein.dep.version> - <org.gatein.wci.version>2.1.0-GA</org.gatein.wci.version> + <org.gatein.wci.version>2.1.1-Beta03</org.gatein.wci.version> <org.gatein.pc.version>2.3.0-GA</org.gatein.pc.version> <org.picketlink.idm>1.3.1.CR01</org.picketlink.idm> - <org.gatein.wsrp.version>2.1.0-EPP520-GA</org.gatein.wsrp.version> + <org.gatein.wsrp.version>2.1.1-CR01</org.gatein.wsrp.version> <org.gatein.mop.version>1.1.0-GA</org.gatein.mop.version> <org.gatein.mgmt.version>1.0.1-GA</org.gatein.mgmt.version> <org.slf4j.version>1.5.8</org.slf4j.version> Modified: epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/conf/common/common-configuration.xml =================================================================== --- epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/conf/common/common-configuration.xml 2012-02-20 13:23:45 UTC (rev 8436) +++ epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/conf/common/common-configuration.xml 2012-02-20 16:39:02 UTC (rev 8437) @@ -184,6 +184,11 @@ </init-params> </component> + <component> + <key>org.exoplatform.web.security.AuthenticationRegistry</key> + <type>org.exoplatform.web.security.AuthenticationRegistryImpl</type> + </component> + <external-component-plugins> <target-component>org.exoplatform.services.cache.ExoCacheFactory</target-component> <component-plugin> Modified: epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/web.xml =================================================================== --- epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/web.xml 2012-02-20 13:23:45 UTC (rev 8436) +++ epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/web.xml 2012-02-20 16:39:02 UTC (rev 8437) @@ -200,6 +200,9 @@ <listener> <listener-class>org.exoplatform.services.security.web.JAASConversationStateListener</listener-class> </listener> + <listener> + <listener-class>org.exoplatform.web.security.AuthenticationRegistryListener</listener-class> + </listener> <!-- ================================================================== --> <!-- SERVLET --> <!-- ================================================================== --> Added: epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/wss/ConversationStateCredentialsAccessor.java =================================================================== --- epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/wss/ConversationStateCredentialsAccessor.java (rev 0) +++ epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/wss/ConversationStateCredentialsAccessor.java 2012-02-20 16:39:02 UTC (rev 8437) @@ -0,0 +1,55 @@ +/* + * JBoss, a division of Red Hat + * Copyright 2012, Red Hat Middleware, LLC, and individual + * contributors as indicated by the @authors tag. See the + * copyright.txt in the distribution for a full listing of + * individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.gatein.integration.wsrp.wss; + +import org.exoplatform.services.security.ConversationState; +import org.gatein.common.logging.Logger; +import org.gatein.common.logging.LoggerFactory; +import org.gatein.wci.security.Credentials; +import org.gatein.wsrp.wss.credentials.CredentialsAccessor; + +/** + * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a> + */ +public class ConversationStateCredentialsAccessor implements CredentialsAccessor +{ + + private static final Logger log = LoggerFactory.getLogger(ConversationStateCredentialsAccessor.class); + + /** + * Reading credentials from @{link ConversationState} of current user. + * + * @return credentials + */ + @Override + public Credentials getCredentials() + { + if (ConversationState.getCurrent() == null) + { + log.warn("Cannot find Credentials because ConversationState not set."); + return null; + } + return (Credentials)ConversationState.getCurrent().getAttribute(Credentials.CREDENTIALS); + } +} Modified: epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/wss/JBoss5WSSServiceIntegration.java =================================================================== --- epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/wss/JBoss5WSSServiceIntegration.java 2012-02-20 13:23:45 UTC (rev 8436) +++ epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/wss/JBoss5WSSServiceIntegration.java 2012-02-20 16:39:02 UTC (rev 8437) @@ -23,6 +23,7 @@ package org.gatein.integration.wsrp.wss; import org.gatein.wsrp.wss.WebServiceSecurityFactory; +import org.gatein.wsrp.wss.credentials.CredentialsAccessor; import org.picocontainer.Startable; import org.wsrp.wss.jboss5.handlers.consumer.JBWSSecurityHandlerWrapper; import org.wsrp.wss.jboss5.handlers.consumer.WSSecurityCredentialHandler; @@ -35,12 +36,13 @@ { private final WebServiceSecurityFactory wssFactory; - private final WSSecurityCredentialHandler WS_CREDENTIAL_HANDLER = new WSSecurityCredentialHandler(); + private final WSSecurityCredentialHandler WS_CREDENTIAL_HANDLER; private final JBWSSecurityHandlerWrapper JBWS_SECURITY_WRAPPER = new JBWSSecurityHandlerWrapper(); - public JBoss5WSSServiceIntegration() + public JBoss5WSSServiceIntegration(CredentialsAccessor credentialsAccessor) { wssFactory = WebServiceSecurityFactory.getInstance(); + WS_CREDENTIAL_HANDLER = new WSSecurityCredentialHandler(credentialsAccessor); } public void start() Modified: epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-ear-as5/src/main/application/lib/jboss5integration.jar/conf/configuration.xml =================================================================== --- epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-ear-as5/src/main/application/lib/jboss5integration.jar/conf/configuration.xml 2012-02-20 13:23:45 UTC (rev 8436) +++ epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-ear-as5/src/main/application/lib/jboss5integration.jar/conf/configuration.xml 2012-02-20 16:39:02 UTC (rev 8437) @@ -28,6 +28,16 @@ xmlns="http://www.exoplaform.org/xml/ns/kernel_1_1.xsd"> <component> + <key>org.gatein.wsrp.wss.credentials.CredentialsAccessor</key> + + <!-- Reading credentials from HTTP session --> + <!--<type>org.gatein.wsrp.wss.credentials.HTTPSessionCredentialsAccessor</type>--> + + <!-- Reading credentials from ConversationState --> + <type>org.gatein.integration.wsrp.wss.ConversationStateCredentialsAccessor</type> + </component> + + <component> <type>org.gatein.integration.wsrp.wss.JBoss5WSSServiceIntegration</type> </component>