Author: chris.laprun(a)jboss.com
Date: 2012-02-01 04:19:20 -0500 (Wed, 01 Feb 2012)
New Revision: 8332
Added:
components/wsrp/trunk/ws-security/wss/src/main/java/org/gatein/wsrp/wss/credentials/
components/wsrp/trunk/ws-security/wss/src/main/java/org/gatein/wsrp/wss/credentials/CredentialsAccessor.java
components/wsrp/trunk/ws-security/wss/src/main/java/org/gatein/wsrp/wss/credentials/HTTPSessionCredentialsAccessor.java
Modified:
components/wsrp/trunk/ws-security/jboss5/pom.xml
components/wsrp/trunk/ws-security/jboss5/src/main/java/org/wsrp/wss/jboss5/handlers/consumer/WSSecurityCredentialHandler.java
Log:
- GTNWSRP-268: Applied patch from mposolda to be able to retrieve credentials from other
spots than HTTP session.
Modified: components/wsrp/trunk/ws-security/jboss5/pom.xml
===================================================================
--- components/wsrp/trunk/ws-security/jboss5/pom.xml 2012-01-31 16:54:45 UTC (rev 8331)
+++ components/wsrp/trunk/ws-security/jboss5/pom.xml 2012-02-01 09:19:20 UTC (rev 8332)
@@ -1,6 +1,6 @@
<!--
~ JBoss, a division of Red Hat
- ~ Copyright 2011, Red Hat Middleware, LLC, and individual
+ ~ Copyright 2012, Red Hat Middleware, LLC, and individual
~ contributors as indicated by the @authors tag. See the
~ copyright.txt in the distribution for a full listing of
~ individual contributors.
@@ -46,6 +46,10 @@
<groupId>org.gatein.wsrp</groupId>
<artifactId>wsrp-wsrp2-ws</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.gatein.wsrp</groupId>
+ <artifactId>wsrp-wss</artifactId>
+ </dependency>
<dependency>
<groupId>org.gatein.common</groupId>
Modified:
components/wsrp/trunk/ws-security/jboss5/src/main/java/org/wsrp/wss/jboss5/handlers/consumer/WSSecurityCredentialHandler.java
===================================================================
---
components/wsrp/trunk/ws-security/jboss5/src/main/java/org/wsrp/wss/jboss5/handlers/consumer/WSSecurityCredentialHandler.java 2012-01-31
16:54:45 UTC (rev 8331)
+++
components/wsrp/trunk/ws-security/jboss5/src/main/java/org/wsrp/wss/jboss5/handlers/consumer/WSSecurityCredentialHandler.java 2012-02-01
09:19:20 UTC (rev 8332)
@@ -1,42 +1,40 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2011, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
- ******************************************************************************/
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2012, Red Hat Middleware, LLC, and individual
+ * contributors as indicated by the @authors tag. See the
+ * copyright.txt in the distribution for a full listing of
+ * individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
package org.wsrp.wss.jboss5.handlers.consumer;
-import java.util.Set;
+import org.gatein.wci.security.Credentials;
+import org.gatein.wsrp.wss.credentials.CredentialsAccessor;
+import org.jboss.ws.core.CommonMessageContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
-import javax.servlet.http.HttpServletRequest;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
+import java.util.Set;
-import org.gatein.wci.security.Credentials;
-import org.gatein.wsrp.servlet.ServletAccess;
-import org.jboss.ws.core.CommonMessageContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
/**
* @author <a href="mailto:mwringe@redhat.com">Matt Wringe</a>
* @version $Revision$
@@ -45,6 +43,13 @@
{
private static Logger log =
LoggerFactory.getLogger(WSSecurityCredentialHandler.class);
+ private CredentialsAccessor credentialsAccessor;
+
+ public WSSecurityCredentialHandler(CredentialsAccessor credentialsAccessor)
+ {
+ this.credentialsAccessor = credentialsAccessor;
+ }
+
public void close(MessageContext arg0)
{
//Nothing to do for now
@@ -74,26 +79,18 @@
log.debug("Attempting to convert security context to WS-Security
header");
- CommonMessageContext ctx = (CommonMessageContext) soapMessageContext;
+ CommonMessageContext ctx = (CommonMessageContext)soapMessageContext;
- HttpServletRequest request = ServletAccess.getRequest();
- if (request != null && request.getSession() != null)
+ Credentials credentials = credentialsAccessor.getCredentials();
+
+ if (credentials != null)
{
- Credentials credentials =
(Credentials)request.getSession().getAttribute(Credentials.CREDENTIALS);
- if (credentials != null)
- {
- ctx.put(BindingProvider.USERNAME_PROPERTY, credentials.getUsername());
- ctx.put(BindingProvider.PASSWORD_PROPERTY, credentials.getPassword());
- }
- else
- {
- log.debug("Could not find credentials to put in WS-Security
header");
- return true;
- }
+ ctx.put(BindingProvider.USERNAME_PROPERTY, credentials.getUsername());
+ ctx.put(BindingProvider.PASSWORD_PROPERTY, credentials.getPassword());
}
else
{
- log.debug("Could not get current HttpServletRequest, cannot
login.");
+ log.debug("Could not find credentials to put in WS-Security
header");
}
}
catch (Exception e)
Added:
components/wsrp/trunk/ws-security/wss/src/main/java/org/gatein/wsrp/wss/credentials/CredentialsAccessor.java
===================================================================
---
components/wsrp/trunk/ws-security/wss/src/main/java/org/gatein/wsrp/wss/credentials/CredentialsAccessor.java
(rev 0)
+++
components/wsrp/trunk/ws-security/wss/src/main/java/org/gatein/wsrp/wss/credentials/CredentialsAccessor.java 2012-02-01
09:19:20 UTC (rev 8332)
@@ -0,0 +1,39 @@
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2012, Red Hat Middleware, LLC, and individual
+ * contributors as indicated by the @authors tag. See the
+ * copyright.txt in the distribution for a full listing of
+ * individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.gatein.wsrp.wss.credentials;
+
+import org.gatein.wci.security.Credentials;
+
+/**
+ * Accessor for obtaining credentials of current user.
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public interface CredentialsAccessor
+{
+
+ /** @return {@link org.gatein.wci.security.Credentials} of current user. */
+ public Credentials getCredentials();
+
+}
Added:
components/wsrp/trunk/ws-security/wss/src/main/java/org/gatein/wsrp/wss/credentials/HTTPSessionCredentialsAccessor.java
===================================================================
---
components/wsrp/trunk/ws-security/wss/src/main/java/org/gatein/wsrp/wss/credentials/HTTPSessionCredentialsAccessor.java
(rev 0)
+++
components/wsrp/trunk/ws-security/wss/src/main/java/org/gatein/wsrp/wss/credentials/HTTPSessionCredentialsAccessor.java 2012-02-01
09:19:20 UTC (rev 8332)
@@ -0,0 +1,64 @@
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2012, Red Hat Middleware, LLC, and individual
+ * contributors as indicated by the @authors tag. See the
+ * copyright.txt in the distribution for a full listing of
+ * individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.gatein.wsrp.wss.credentials;
+
+import org.gatein.wci.security.Credentials;
+import org.gatein.wsrp.servlet.ServletAccess;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Obtaining credentials from HTTP session.
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class HTTPSessionCredentialsAccessor implements CredentialsAccessor
+{
+
+ private static Logger log =
LoggerFactory.getLogger(HTTPSessionCredentialsAccessor.class);
+
+ /**
+ * Return credentials from HTTP session. It assumes that Credentials are in HTTP
session in attribute
+ * {@link org.gatein.wci.security.Credentials#CREDENTIALS} and current HTTP request is
bound to {@link
+ * org.gatein.wsrp.servlet.ServletAccess} thread-local.
+ *
+ * @return credentials
+ */
+ @Override
+ public Credentials getCredentials()
+ {
+ HttpServletRequest request = ServletAccess.getRequest();
+ if (request != null && request.getSession() != null)
+ {
+ return (Credentials)request.getSession().getAttribute(Credentials.CREDENTIALS);
+ }
+ else
+ {
+ log.debug("Could not get current HttpServletRequest, cannot obtain
credentials from HTTP session.");
+ return null;
+ }
+ }
+}