JBossWS SVN: r17608 - stack/cxf/branches.
by jbossws-commits@lists.jboss.org
Author: mmusaji
Date: 2013-05-23 05:47:43 -0400 (Thu, 23 May 2013)
New Revision: 17608
Added:
stack/cxf/branches/jbossws-cxf-3.1.2.SP9_JBPAPP-10758/
Log:
[JBPAPP-10758] Create one off patch branch for JBossWS CXF
11 years, 7 months
JBossWS SVN: r17607 - thirdparty/cxf/branches.
by jbossws-commits@lists.jboss.org
Author: mmusaji
Date: 2013-05-23 05:45:39 -0400 (Thu, 23 May 2013)
New Revision: 17607
Added:
thirdparty/cxf/branches/cxf-2.2.12-patch-02_JBPAPP-10758/
Log:
[JBPAPP-10758] Create CXF One of patch branch
11 years, 7 months
JBossWS SVN: r17606 - stack/native/branches.
by jbossws-commits@lists.jboss.org
Author: mmusaji
Date: 2013-05-23 05:36:20 -0400 (Thu, 23 May 2013)
New Revision: 17606
Added:
stack/native/branches/jbossws-native-3.1.2.SP11_JBPAPP-10758/
Log:
[JBPAPP-10758] Create one off patch branch for WS-Native
11 years, 7 months
JBossWS SVN: r17605 - stack/cxf/trunk/modules/testsuite.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2013-05-22 05:54:30 -0400 (Wed, 22 May 2013)
New Revision: 17605
Modified:
stack/cxf/trunk/modules/testsuite/pom.xml
Log:
[JBWS-3642] Replace gnu-getopt:getopt with gnu.getopt:java-getopt
Modified: stack/cxf/trunk/modules/testsuite/pom.xml
===================================================================
--- stack/cxf/trunk/modules/testsuite/pom.xml 2013-05-22 08:00:19 UTC (rev 17604)
+++ stack/cxf/trunk/modules/testsuite/pom.xml 2013-05-22 09:54:30 UTC (rev 17605)
@@ -50,8 +50,8 @@
<artifactId>jbossws-common-tools</artifactId>
</dependency>
<dependency>
- <groupId>gnu-getopt</groupId>
- <artifactId>getopt</artifactId>
+ <groupId>gnu.getopt</groupId>
+ <artifactId>java-getopt</artifactId>
<version>${gnu.getopt.version}</version>
<scope>test</scope>
</dependency>
11 years, 7 months
JBossWS SVN: r17604 - stack/cxf/trunk/modules/testsuite/cxf-tests/scripts.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2013-05-22 04:00:19 -0400 (Wed, 22 May 2013)
New Revision: 17604
Modified:
stack/cxf/trunk/modules/testsuite/cxf-tests/scripts/cxf-jars-jaxws.xml
Log:
Fixing logging test module dependencies (no need for cxf impl)
Modified: stack/cxf/trunk/modules/testsuite/cxf-tests/scripts/cxf-jars-jaxws.xml
===================================================================
--- stack/cxf/trunk/modules/testsuite/cxf-tests/scripts/cxf-jars-jaxws.xml 2013-05-20 12:00:01 UTC (rev 17603)
+++ stack/cxf/trunk/modules/testsuite/cxf-tests/scripts/cxf-jars-jaxws.xml 2013-05-22 08:00:19 UTC (rev 17604)
@@ -340,7 +340,7 @@
<include name="org/jboss/test/ws/jaxws/cxf/logging/CustomInInterceptor.class"/>
</fileset>
<manifest>
- <attribute name="Dependencies" value="org.apache.cxf.impl"/> <!-- cxf impl required due to custom interceptor in deployment -->
+ <attribute name="Dependencies" value="org.jboss.ws.cxf.jbossws-cxf-client"/>
</manifest>
</jar>
11 years, 7 months
JBossWS SVN: r17603 - stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2013-05-20 08:00:01 -0400 (Mon, 20 May 2013)
New Revision: 17603
Modified:
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java
Log:
[JBWS-3541] Making SubjectCreatingInterceptor directly extend WSS4JInInterceptor and adding filter on Group instances when looking for subject user principal
Modified: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java
===================================================================
--- stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java 2013-05-20 06:39:33 UTC (rev 17602)
+++ stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java 2013-05-20 12:00:01 UTC (rev 17603)
@@ -1,6 +1,6 @@
/*
* JBoss, Home of Professional Open Source.
- * Copyright 2011, Red Hat Middleware LLC, and individual contributors
+ * Copyright 2013, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
@@ -21,14 +21,32 @@
*/
package org.jboss.wsf.stack.cxf.security.authentication;
+import java.security.Principal;
+import java.security.acl.Group;
import java.util.HashMap;
import java.util.Map;
+import java.util.Set;
+import java.util.logging.Logger;
import javax.security.auth.Subject;
+import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.security.SecurityToken;
+import org.apache.cxf.common.security.UsernameToken;
import org.apache.cxf.interceptor.Fault;
-import org.apache.cxf.ws.security.wss4j.AbstractUsernameTokenAuthenticatingInterceptor;
+import org.apache.cxf.interceptor.security.DefaultSecurityContext;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.PhaseInterceptorChain;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
+import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.validate.UsernameTokenValidator;
+import org.apache.ws.security.validate.Validator;
import org.jboss.wsf.spi.deployment.Endpoint;
import org.jboss.wsf.spi.security.SecurityDomainContext;
import org.jboss.wsf.stack.cxf.security.nonce.NonceStore;
@@ -40,11 +58,15 @@
* @author alessio.soldano(a)jboss.com
*
*/
-public class SubjectCreatingInterceptor extends AbstractUsernameTokenAuthenticatingInterceptor
+public class SubjectCreatingInterceptor extends WSS4JInInterceptor
{
+ private static final Logger LOG = LogUtils.getL7dLogger(SubjectCreatingInterceptor.class);
+
private ThreadLocal<SecurityDomainContext> sdc = new ThreadLocal<SecurityDomainContext>();
private SubjectCreator helper = new SubjectCreator();
+
+ private boolean supportDigestPasswords;
public SubjectCreatingInterceptor()
{
@@ -54,15 +76,38 @@
public SubjectCreatingInterceptor(Map<String, Object> properties)
{
super(properties);
+ getAfter().add(PolicyBasedWSS4JInInterceptor.class.getName());
}
+ public void setSupportDigestPasswords(boolean support)
+ {
+ supportDigestPasswords = support;
+ }
+
+ public boolean getSupportDigestPasswords()
+ {
+ return supportDigestPasswords;
+ }
+
@Override
public void handleMessage(SoapMessage msg) throws Fault {
Endpoint ep = msg.getExchange().get(Endpoint.class);
sdc.set(ep.getSecurityDomainContext());
try
{
- super.handleMessage(msg);
+ SecurityToken token = msg.get(SecurityToken.class);
+ SecurityContext context = msg.get(SecurityContext.class);
+ if (token == null || context == null || context.getUserPrincipal() == null) {
+ super.handleMessage(msg);
+ return;
+ }
+ UsernameToken ut = (UsernameToken)token;
+
+ Subject subject = createSubject(ut.getName(), ut.getPassword(), ut.isHashed(),
+ ut.getNonce(), ut.getCreatedTime());
+
+ SecurityContext sc = doCreateSecurityContext(context.getUserPrincipal(), subject);
+ msg.put(SecurityContext.class, sc);
}
finally
{
@@ -72,8 +117,129 @@
}
}
}
+
+ @Override
+ protected SecurityContext createSecurityContext(final Principal p) {
+ Message msg = PhaseInterceptorChain.getCurrentMessage();
+ if (msg == null) {
+ throw new IllegalStateException("Current message is not available");
+ }
+ return doCreateSecurityContext(p, msg.get(Subject.class));
+ }
+
+ /**
+ * Creates default SecurityContext which implements isUserInRole using the
+ * following approach : skip the first Subject principal, and then check optional
+ * Groups the principal is a member of. Subclasses can override this method and implement
+ * a custom strategy instead
+ *
+ * @param p principal
+ * @param subject subject
+ * @return security context
+ */
+ protected SecurityContext doCreateSecurityContext(final Principal p, final Subject subject) {
+ return new DefaultSecurityContext(p, subject);
+ }
+
+ protected void setSubject(String name, String password, boolean isDigest, String nonce, String created)
+ throws WSSecurityException
+ {
+ Message msg = PhaseInterceptorChain.getCurrentMessage();
+ if (msg == null)
+ {
+ throw new IllegalStateException("Current message is not available");
+ }
+ Subject subject = null;
+ try
+ {
+ subject = createSubject(name, password, isDigest, nonce, created);
+ }
+ catch (Exception ex)
+ {
+ String errorMessage = "Failed Authentication : Subject has not been created";
+ LOG.severe(errorMessage);
+ throw new WSSecurityException(errorMessage, ex);
+ }
+ if (subject == null || subject.getPrincipals().size() == 0 || !checkUserPrincipal(subject.getPrincipals(), name))
+ {
+ String errorMessage = "Failed Authentication : Invalid Subject";
+ LOG.severe(errorMessage);
+ throw new WSSecurityException(errorMessage);
+ }
+ msg.put(Subject.class, subject);
+ }
+
+ private boolean checkUserPrincipal(Set<Principal> principals, String name)
+ {
+ for (Principal p : principals) {
+ if (!(p instanceof Group)) {
+ return p.getName().equals(name);
+ }
+ }
+ return false;
+ }
- @Override
+ @Override
+ protected WSSecurityEngine getSecurityEngine(boolean utNoCallbacks) {
+ Map<QName, Object> profiles = new HashMap<QName, Object>(1);
+
+ Validator validator = new CustomValidator();
+ profiles.put(WSSecurityEngine.USERNAME_TOKEN, validator);
+ return createSecurityEngine(profiles);
+ }
+
+ protected class CustomValidator extends UsernameTokenValidator {
+
+ @Override
+ protected void verifyCustomPassword(
+ org.apache.ws.security.message.token.UsernameToken usernameToken,
+ RequestData data
+ ) throws WSSecurityException {
+ SubjectCreatingInterceptor.this.setSubject(
+ usernameToken.getName(), usernameToken.getPassword(), false, null, null
+ );
+ }
+
+ @Override
+ protected void verifyPlaintextPassword(
+ org.apache.ws.security.message.token.UsernameToken usernameToken,
+ RequestData data
+ ) throws WSSecurityException {
+ SubjectCreatingInterceptor.this.setSubject(
+ usernameToken.getName(), usernameToken.getPassword(), false, null, null
+ );
+ }
+
+ @Override
+ protected void verifyDigestPassword(
+ org.apache.ws.security.message.token.UsernameToken usernameToken,
+ RequestData data
+ ) throws WSSecurityException {
+ if (!supportDigestPasswords) {
+ throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
+ }
+ String user = usernameToken.getName();
+ String password = usernameToken.getPassword();
+ boolean isHashed = usernameToken.isHashed();
+ String nonce = usernameToken.getNonce();
+ String createdTime = usernameToken.getCreated();
+ SubjectCreatingInterceptor.this.setSubject(
+ user, password, isHashed, nonce, createdTime
+ );
+ }
+
+ @Override
+ protected void verifyUnknownPassword(
+ org.apache.ws.security.message.token.UsernameToken usernameToken,
+ RequestData data
+ ) throws WSSecurityException {
+ SubjectCreatingInterceptor.this.setSubject(
+ usernameToken.getName(), null, false, null, null
+ );
+ }
+
+ }
+
public Subject createSubject(String name, String password, boolean isDigest, String nonce, String created)
{
return helper.createSubject(sdc.get(), name, password, isDigest, nonce, created);
11 years, 7 months
JBossWS SVN: r17602 - stack/cxf/trunk/modules/testsuite.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2013-05-20 02:39:33 -0400 (Mon, 20 May 2013)
New Revision: 17602
Modified:
stack/cxf/trunk/modules/testsuite/pom.xml
Log:
Exclude remoting3 dependency in testsuite, as WF is now using remoting 4
Modified: stack/cxf/trunk/modules/testsuite/pom.xml
===================================================================
--- stack/cxf/trunk/modules/testsuite/pom.xml 2013-05-19 16:32:01 UTC (rev 17601)
+++ stack/cxf/trunk/modules/testsuite/pom.xml 2013-05-20 06:39:33 UTC (rev 17602)
@@ -806,6 +806,12 @@
<groupId>org.wildfly</groupId>
<artifactId>wildfly-webservices-tests-integration</artifactId>
<version>${jboss.version}</version>
+ <exclusions> <!-- Temp exclude while waiting for AS to be fixed -->
+ <exclusion>
+ <groupId>org.jboss.remoting3</groupId>
+ <artifactId>jboss-remoting</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
</dependencies>
<build>
11 years, 7 months
JBossWS SVN: r17601 - stack/cxf/trunk/modules/dist/src/main/distro.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2013-05-19 12:32:01 -0400 (Sun, 19 May 2013)
New Revision: 17601
Modified:
stack/cxf/trunk/modules/dist/src/main/distro/build-testsuite.xml
Log:
Fixing logging in bin dist against WF
Modified: stack/cxf/trunk/modules/dist/src/main/distro/build-testsuite.xml
===================================================================
--- stack/cxf/trunk/modules/dist/src/main/distro/build-testsuite.xml 2013-05-19 15:58:39 UTC (rev 17600)
+++ stack/cxf/trunk/modules/dist/src/main/distro/build-testsuite.xml 2013-05-19 16:32:01 UTC (rev 17601)
@@ -542,8 +542,8 @@
<fileset dir="${jboss.home}/modules/system/layers/base/org/jboss/logmanager/main/">
<include name="jboss-logmanager-*.jar"/>
</fileset>
- <fileset dir="${jboss.home}/modules/system/layers/base/org/apache/log4j/main/">
- <include name="log4j-*.jar"/>
+ <fileset dir="${jboss.home}/modules/system/layers/base/org/jboss/log4j/logmanager/main/">
+ <include name="log4j-jboss-logmanager-*.jar"/>
</fileset>
<fileset dir="${jboss.home}/modules/system/layers/base/javax/mail/api/main/">
<include name="mail-*.jar"/>
11 years, 7 months
JBossWS SVN: r17600 - stack/cxf/trunk/modules/dist/src/main/distro.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2013-05-19 11:58:39 -0400 (Sun, 19 May 2013)
New Revision: 17600
Modified:
stack/cxf/trunk/modules/dist/src/main/distro/build-testsuite.xml
Log:
Updating classpath in bin distro
Modified: stack/cxf/trunk/modules/dist/src/main/distro/build-testsuite.xml
===================================================================
--- stack/cxf/trunk/modules/dist/src/main/distro/build-testsuite.xml 2013-05-19 15:58:20 UTC (rev 17599)
+++ stack/cxf/trunk/modules/dist/src/main/distro/build-testsuite.xml 2013-05-19 15:58:39 UTC (rev 17600)
@@ -581,7 +581,7 @@
<fileset dir="${jboss.home}/modules/system/layers/base/javax/security/jacc/api/main/">
<include name="jboss-jacc-api*.jar"/>
</fileset>
- <fileset dir="${jboss.home}/modules/system/layers/base/org/jboss/remoting3/main/">
+ <fileset dir="${jboss.home}/modules/system/layers/base/org/jboss/remoting/main/">
<include name="jboss-remoting-*.jar"/>
</fileset>
<fileset dir="${jboss.home}/modules/system/layers/base/org/jboss/marshalling/river/main/">
11 years, 7 months
JBossWS SVN: r17599 - stack/cxf/trunk/modules/dist/src/main/scripts.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2013-05-19 11:58:20 -0400 (Sun, 19 May 2013)
New Revision: 17599
Modified:
stack/cxf/trunk/modules/dist/src/main/scripts/assembly-deploy-artifacts.xml
Log:
[JBWS-3627] Updating jboss-as-webservices-tests GAV
Modified: stack/cxf/trunk/modules/dist/src/main/scripts/assembly-deploy-artifacts.xml
===================================================================
--- stack/cxf/trunk/modules/dist/src/main/scripts/assembly-deploy-artifacts.xml 2013-05-19 15:42:47 UTC (rev 17598)
+++ stack/cxf/trunk/modules/dist/src/main/scripts/assembly-deploy-artifacts.xml 2013-05-19 15:58:20 UTC (rev 17599)
@@ -106,7 +106,7 @@
<outputDirectory>deploy-artifacts/lib</outputDirectory>
<unpack>false</unpack>
<includes>
- <include>org.jboss.as:jboss-as-webservices-tests-integration:jar</include>
+ <include>org.wildfly:wildfly-webservices-tests-integration:jar</include>
</includes>
<outputFileNameMapping>jbossws-wildfly800-tests-integration.jar</outputFileNameMapping>
<scope>provided</scope>
11 years, 7 months