JBossWS SVN: r14397 - stack/cxf/trunk/modules/testsuite/cxf-spring-tests/scripts.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2011-05-18 06:20:03 -0400 (Wed, 18 May 2011)
New Revision: 14397
Modified:
stack/cxf/trunk/modules/testsuite/cxf-spring-tests/scripts/cxf-samples-jaxws.xml
Log:
[JBWS-3249] Solving resource file resolution issue
Modified: stack/cxf/trunk/modules/testsuite/cxf-spring-tests/scripts/cxf-samples-jaxws.xml
===================================================================
--- stack/cxf/trunk/modules/testsuite/cxf-spring-tests/scripts/cxf-samples-jaxws.xml 2011-05-18 08:46:47 UTC (rev 14396)
+++ stack/cxf/trunk/modules/testsuite/cxf-spring-tests/scripts/cxf-samples-jaxws.xml 2011-05-18 10:20:03 UTC (rev 14397)
@@ -195,12 +195,17 @@
</classes>
<webinf dir="${tests.output.dir}/test-resources/jaxws/samples/wsse/username-authorize-custom/WEB-INF">
<include name="jboss-web.xml"/>
+ <include name="jbossws-cxf.xml"/>
+ <include name="wsdl/*"/>
+ </webinf>
+ <zipfileset dir="${tests.output.dir}/test-resources/jaxws/samples/wsse/username-authorize-custom/WEB-INF" prefix="WEB-INF/classes">
<include name="login-config.xml"/>
<include name="users.properties"/>
<include name="roles.properties"/>
- <include name="jbossws-cxf.xml"/>
- <include name="wsdl/*"/>
- </webinf>
+ </zipfileset>
+ <manifest>
+ <attribute name="Dependencies" value="org.jboss.ws.cxf.jbossws-cxf-server"/>
+ </manifest>
</war>
<!-- jaxws-samples-wsse-username-digest -->
@@ -224,6 +229,9 @@
-->
</webinf>
+ <manifest>
+ <attribute name="Dependencies" value="org.jboss.ws.cxf.jbossws-cxf-server"/>
+ </manifest>
</war>
<jar jarfile="${tests.output.dir}/test-libs/jaxws-samples-wsse-username-digest-service.sar">
JBossWS SVN: r14396 - stack/cxf/trunk/modules/resources/src/main/resources/modules/org/jboss/as/webservices/main.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2011-05-18 04:46:47 -0400 (Wed, 18 May 2011)
New Revision: 14396
Modified:
stack/cxf/trunk/modules/resources/src/main/resources/modules/org/jboss/as/webservices/main/module.xml
Log:
[AS7-776] Adding required module dependencies
Modified: stack/cxf/trunk/modules/resources/src/main/resources/modules/org/jboss/as/webservices/main/module.xml
===================================================================
--- stack/cxf/trunk/modules/resources/src/main/resources/modules/org/jboss/as/webservices/main/module.xml 2011-05-18 08:46:27 UTC (rev 14395)
+++ stack/cxf/trunk/modules/resources/src/main/resources/modules/org/jboss/as/webservices/main/module.xml 2011-05-18 08:46:47 UTC (rev 14396)
@@ -40,6 +40,7 @@
<module name="org.jboss.as.ejb3"/>
<module name="org.jboss.as.ee"/>
<module name="org.jboss.as.naming"/>
+ <module name="org.jboss.as.security"/>
<module name="org.jboss.as.web"/>
<module name="org.jboss.threads"/>
<module name="org.jboss.modules"/>
@@ -50,5 +51,6 @@
<module name="org.jboss.ws.api" />
<module name="org.jboss.ws.common" />
<module name="org.jboss.ws.spi" />
+ <module name="org.picketbox" />
</dependencies>
</module>
JBossWS SVN: r14395 - stack/native/trunk/modules/resources/src/main/resources/modules/org/jboss/as/webservices/main.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2011-05-18 04:46:27 -0400 (Wed, 18 May 2011)
New Revision: 14395
Modified:
stack/native/trunk/modules/resources/src/main/resources/modules/org/jboss/as/webservices/main/module.xml
Log:
[AS7-776] Adding required module dependencies
Modified: stack/native/trunk/modules/resources/src/main/resources/modules/org/jboss/as/webservices/main/module.xml
===================================================================
--- stack/native/trunk/modules/resources/src/main/resources/modules/org/jboss/as/webservices/main/module.xml 2011-05-18 08:45:46 UTC (rev 14394)
+++ stack/native/trunk/modules/resources/src/main/resources/modules/org/jboss/as/webservices/main/module.xml 2011-05-18 08:46:27 UTC (rev 14395)
@@ -40,6 +40,7 @@
<module name="org.jboss.as.ejb3"/>
<module name="org.jboss.as.ee"/>
<module name="org.jboss.as.naming"/>
+ <module name="org.jboss.as.security"/>
<module name="org.jboss.as.web"/>
<module name="org.jboss.threads"/>
<module name="org.jboss.modules"/>
@@ -50,5 +51,6 @@
<module name="org.jboss.ws.api" />
<module name="org.jboss.ws.common" />
<module name="org.jboss.ws.spi" />
+ <module name="org.picketbox" />
</dependencies>
</module>
JBossWS SVN: r14394 - stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2011-05-18 04:45:46 -0400 (Wed, 18 May 2011)
New Revision: 14394
Removed:
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/AuthenticationManagerLoader.java
Modified:
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java
Log:
[JBWS-3296] Use SecurityDomainContext abstraction instead of directly accessing picketbox/jboss-security for authentication/authorization
Deleted: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/AuthenticationManagerLoader.java
===================================================================
--- stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/AuthenticationManagerLoader.java 2011-05-18 08:44:52 UTC (rev 14393)
+++ stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/AuthenticationManagerLoader.java 2011-05-18 08:45:46 UTC (rev 14394)
@@ -1,52 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2010, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.wsf.stack.cxf.security.authentication;
-
-import javax.naming.Context;
-import javax.naming.InitialContext;
-import javax.naming.NamingException;
-
-import org.jboss.security.AuthenticationManager;
-
-/**
- * AuthenticationManager loader
- *
- * @author Sergey Beryozkin
- *
- */
-public class AuthenticationManagerLoader
-{
- public AuthenticationManager getManager()
- {
- try
- {
- Context ctx = new InitialContext();
- Object obj = ctx.lookup("java:/comp/env/security/securityMgr");
- return (AuthenticationManager) obj;
- }
- catch (NamingException ne)
- {
- throw new SecurityException("Unable to lookup AuthenticationManager using JNDI");
- }
- }
-
-}
Modified: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java
===================================================================
--- stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java 2011-05-18 08:44:52 UTC (rev 14393)
+++ stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java 2011-05-18 08:45:46 UTC (rev 14394)
@@ -1,6 +1,6 @@
/*
* JBoss, Home of Professional Open Source.
- * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * Copyright 2011, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
@@ -21,25 +21,22 @@
*/
package org.jboss.wsf.stack.cxf.security.authentication;
-import java.io.IOException;
import java.security.Principal;
import java.util.Calendar;
-import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
+import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.security.SimplePrincipal;
+import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.ws.security.wss4j.AbstractUsernameTokenAuthenticatingInterceptor;
import org.jboss.logging.Logger;
-import org.jboss.security.AuthenticationManager;
import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
-import org.jboss.wsf.spi.SPIProvider;
-import org.jboss.wsf.spi.SPIProviderResolver;
-import org.jboss.wsf.spi.invocation.SecurityAdaptor;
-import org.jboss.wsf.spi.invocation.SecurityAdaptorFactory;
+import org.jboss.wsf.spi.deployment.Endpoint;
+import org.jboss.wsf.spi.security.SecurityDomainContext;
import org.jboss.wsf.stack.cxf.security.authentication.callback.UsernameTokenCallbackHandler;
import org.jboss.wsf.stack.cxf.security.nonce.NonceStore;
import org.jboss.xb.binding.SimpleTypeBindings;
@@ -48,6 +45,7 @@
* Interceptor which authenticates a current principal and populates Subject
*
* @author Sergey Beryozkin
+ * @author alessio.soldano(a)jboss.com
*
*/
public class SubjectCreatingInterceptor extends AbstractUsernameTokenAuthenticatingInterceptor
@@ -56,17 +54,15 @@
private static final int TIMESTAMP_FRESHNESS_THRESHOLD = 300;
- private AuthenticationManagerLoader aml;
-
private boolean propagateContext;
- private SecurityAdaptorFactory secAdaptorFactory;
-
private int timestampThreshold = TIMESTAMP_FRESHNESS_THRESHOLD;
private NonceStore nonceStore;
private boolean decodeNonce = true;
+
+ private ThreadLocal<SecurityDomainContext> sdc = new ThreadLocal<SecurityDomainContext>();
public SubjectCreatingInterceptor()
{
@@ -76,19 +72,23 @@
public SubjectCreatingInterceptor(Map<String, Object> properties)
{
super(properties);
+ }
+
+ @Override
+ public void handleMessage(SoapMessage msg) throws Fault {
+ Endpoint ep = msg.getExchange().get(Endpoint.class);
+ sdc.set(ep.getSecurityDomainContext());
try
{
- aml = AuthenticationManagerLoader.class.newInstance();
+ super.handleMessage(msg);
}
- catch (Exception ex)
+ finally
{
- String msg = "AuthenticationManager can not be loaded";
- log.error(msg);
- throw new SecurityException(msg);
+ if (sdc != null)
+ {
+ sdc.remove();
+ }
}
- SPIProvider spiProvider = SPIProviderResolver.getInstance().getProvider();
- secAdaptorFactory = spiProvider.getSPI(SecurityAdaptorFactory.class);
-
}
@Override
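Review bot: `msg.getExchange().get(Endpoint.class)` is dereferenced without a null check in the new `handleMessage`, so a message whose exchange carries no Endpoint fails with a NullPointerException rather than a deliberate authentication failure. The same applies when the endpoint has no context set: the next hunk calls `ctx.getSecurityDomain()` and `ctx.isValid(...)` on the result of `sdc.get()` unguarded. Rejecting explicitly would make the fail-closed behaviour intentional, e.g. `if (ep == null || ep.getSecurityDomainContext() == null) throw new SecurityException("No SecurityDomainContext available for endpoint");`. The `if (sdc != null)` test in the `finally` block is always true because the field is initialised at its declaration; declaring it `private final ThreadLocal<SecurityDomainContext> sdc` and calling `sdc.remove()` unconditionally says the same thing more clearly.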
@@ -108,18 +108,19 @@
}
// authenticate and populate Subject
- AuthenticationManager am = aml.getManager();
+
Principal principal = new SimplePrincipal(name);
Subject subject = new Subject();
+ SecurityDomainContext ctx = sdc.get();
boolean TRACE = log.isTraceEnabled();
if (TRACE)
- log.trace("About to authenticate, using security domain '" + am.getSecurityDomain() + "'");
+ log.trace("About to authenticate, using security domain '" + ctx.getSecurityDomain() + "'");
try
{
- if (am.isValid(principal, password, subject) == false)
+ if (ctx.isValid(principal, password, subject) == false)
{
String msg = "Authentication failed, principal=" + principal.getName();
log.error(msg);
@@ -141,8 +142,7 @@
if (propagateContext)
{
- SecurityAdaptor adaptor = secAdaptorFactory.newSecurityAdapter();
- adaptor.pushSubjectContext(subject, principal, password);
+ ctx.pushSubjectContext(subject, principal, password);
if (TRACE)
log.trace("Security Context has been propagated");
}
JBossWS SVN: r14393 - stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2011-05-18 04:44:52 -0400 (Wed, 18 May 2011)
New Revision: 14393
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java
Log:
[JBWS-3296] Use SecurityDomainContext instead of directly accessing picketbox/jboss-security for authentication/authorization
Modified: stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java
===================================================================
--- stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java 2011-05-18 08:43:44 UTC (rev 14392)
+++ stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java 2011-05-18 08:44:52 UTC (rev 14393)
@@ -21,34 +21,27 @@
*/
package org.jboss.ws.extensions.security.operation;
-import java.security.AccessController;
import java.security.Principal;
-import java.security.PrivilegedAction;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
-import javax.naming.Context;
-import javax.naming.InitialContext;
-import javax.naming.NamingException;
import javax.security.auth.Subject;
import org.jboss.logging.Logger;
-import org.jboss.security.AuthenticationManager;
-import org.jboss.security.RealmMapping;
-import org.jboss.security.SecurityAssociation;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SimplePrincipal;
-import org.jboss.ws.WSException;
import org.jboss.ws.extensions.security.exception.FailedAuthenticationException;
import org.jboss.ws.extensions.security.exception.WSSecurityException;
import org.jboss.ws.metadata.wsse.Authorize;
import org.jboss.ws.metadata.wsse.Role;
import org.jboss.wsf.spi.SPIProvider;
import org.jboss.wsf.spi.SPIProviderResolver;
+import org.jboss.wsf.spi.classloading.ClassLoaderProvider;
+import org.jboss.wsf.spi.deployment.Endpoint;
+import org.jboss.wsf.spi.invocation.EndpointAssociation;
import org.jboss.wsf.spi.invocation.SecurityAdaptor;
import org.jboss.wsf.spi.invocation.SecurityAdaptorFactory;
+import org.jboss.wsf.spi.security.SecurityDomainContext;
/**
* Operation to authenticate and check the authorisation of the
@@ -59,35 +52,26 @@
*/
public class AuthorizeOperation
{
-
private static final Logger log = Logger.getLogger(AuthorizeOperation.class);
private Authorize authorize;
- private AuthenticationManager am;
-
- private RealmMapping rm;
-
private SecurityAdaptorFactory secAdapterfactory;
+
+ private SecurityDomainContext sdc;
public AuthorizeOperation(Authorize authorize)
{
this.authorize = authorize;
+ ClassLoader cl = ClassLoaderProvider.getDefaultProvider().getServerIntegrationClassLoader();
+ SPIProvider spiProvider = SPIProviderResolver.getInstance(cl).getProvider();
+ secAdapterfactory = spiProvider.getSPI(SecurityAdaptorFactory.class, cl);
- try
+ Endpoint ep = EndpointAssociation.getEndpoint();
+ if (ep != null)
{
- Context ctx = new InitialContext();
- Object obj = ctx.lookup("java:comp/env/security/securityMgr");
- am = (AuthenticationManager)obj;
- rm = (RealmMapping)am;
+ sdc = ep.getSecurityDomainContext();
}
- catch (NamingException ne)
- {
- throw new WSException("Unable to lookup AuthenticationManager", ne);
- }
-
- SPIProvider spiProvider = SPIProviderResolver.getInstance().getProvider();
- secAdapterfactory = spiProvider.getSPI(SecurityAdaptorFactory.class);
}
public void process() throws WSSecurityException
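Review bot: `sdc` is left null when `EndpointAssociation.getEndpoint()` returns null, or when the endpoint has no context set, and `process()` then dereferences it in `sdc.getSecurityDomain()`, `sdc.isValid(...)` and `sdc.doesUserHaveRole(...)` in the following hunks. The removed code failed at construction with a descriptive exception when the security manager could not be obtained; the new code defers that to a NullPointerException whose location depends on whether trace logging is enabled. If an AuthorizeOperation is never legitimately built outside an endpoint invocation, keep the fail-fast behaviour with `if (sdc == null) throw new IllegalStateException("No SecurityDomainContext associated with the current endpoint");`; otherwise the same check belongs at the top of `process()`, whose body continues outside this hunk.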
@@ -95,23 +79,35 @@
boolean TRACE = log.isTraceEnabled();
if (TRACE)
- log.trace("About to check authorization, using security domain '" + am.getSecurityDomain() + "'");
+ log.trace("About to check authorization, using security domain '" + sdc.getSecurityDomain() + "'");
// Step 1 - Authenticate using currently associated principals.
SecurityAdaptor securityAdaptor = secAdapterfactory.newSecurityAdapter();
Principal principal = securityAdaptor.getPrincipal();
Object credential = securityAdaptor.getCredential();
+ if (principal == null)
+ {
+ principal = new Principal()
+ {
+ @Override
+ public String getName()
+ {
+ return null;
+ }
+ };
+ }
+
Subject subject = new Subject();
- if (am.isValid(principal, credential, subject) == false)
+ if (sdc.isValid(principal, credential, subject) == false)
{
String msg = "Authentication failed, principal=" + principal;
log.error(msg);
SecurityException e = new SecurityException(msg);
throw new FailedAuthenticationException(e);
}
- securityAdaptor.pushSubjectContext(subject, principal, credential);
+ sdc.pushSubjectContext(subject, principal, credential);
if (TRACE)
log.trace("Authenticated, principal=" + principal);
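Review bot: A request with no associated principal is not rejected here; the added block substitutes an anonymous `Principal` whose `getName()` returns null and passes it, with a possibly null credential, to `sdc.isValid(...)`. Whether that is refused then depends entirely on the configured security domain, which this hunk cannot show. Unless unauthenticated-identity support is the intent, failing closed is safer: `if (principal == null) throw new FailedAuthenticationException(new SecurityException("No principal associated with the request"));`. If the substitution is intended, a comment explaining why would help, as would a named class with a meaningful `toString()`, because `"principal=" + principal` in the log and exception messages now prints the anonymous class's default `toString()`.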
@@ -130,9 +126,9 @@
if (TRACE)
log.trace("expectedRoles=" + expectedRoles);
- if (rm.doesUserHaveRole(principal, expectedRoles) == false)
+ if (sdc.doesUserHaveRole(principal, expectedRoles) == false)
{
- Set<Principal> userRoles = rm.getUserRoles(principal);
+ Set<Principal> userRoles = sdc.getUserRoles(principal);
String msg = "Insufficient method permissions, principal=" + principal + ", requiredRoles=" + expectedRoles + ", principalRoles=" + userRoles;
log.error(msg);
SecurityException e = new SecurityException(msg);
JBossWS SVN: r14392 - in container/jboss60/branches/jbossws-jboss600/src/main: resources/jbossws-jboss.deployer/META-INF and 1 other directory.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2011-05-18 04:43:44 -0400 (Wed, 18 May 2011)
New Revision: 14392
Added:
container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityDomainContextAdaptor.java
container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityDomainContextDeploymentAspect.java
Modified:
container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityAdapterImpl.java
container/jboss60/branches/jbossws-jboss600/src/main/resources/jbossws-jboss.deployer/META-INF/stack-agnostic-jboss-beans.xml
Log:
[JBWS-3296] Updating jboss600 container integration to support SecurityDomainContext abstraction
Modified: container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityAdapterImpl.java
===================================================================
--- container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityAdapterImpl.java 2011-05-18 08:42:19 UTC (rev 14391)
+++ container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityAdapterImpl.java 2011-05-18 08:43:44 UTC (rev 14392)
@@ -21,15 +21,9 @@
*/
package org.jboss.webservices.integration.security;
-import java.security.AccessController;
import java.security.Principal;
-import java.security.PrivilegedAction;
-import javax.security.auth.Subject;
-
import org.jboss.security.SecurityAssociation;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextAssociation;
import org.jboss.wsf.spi.invocation.SecurityAdaptor;
/**
@@ -87,31 +81,4 @@
{
SecurityAssociation.setCredential(credential);
}
-
- /**
- * @see org.jboss.wsf.spi.invocation.SecurityAdaptor#pushSubjectContext(Subject, Principal, Object)
- *
- * @param subject subject
- * @param principal principal
- * @param credential credential
- */
- public void pushSubjectContext(final Subject subject, final Principal principal, final Object credential)
- {
- AccessController.doPrivileged(new PrivilegedAction<Void>()
- {
-
- public Void run()
- {
- final SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
- if (securityContext == null)
- {
- throw new IllegalStateException("Security Context is null");
- }
-
- securityContext.getUtil().createSubjectInfo(principal, credential, subject);
-
- return null;
- }
- });
- }
}
Added: container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityDomainContextAdaptor.java
===================================================================
--- container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityDomainContextAdaptor.java (rev 0)
+++ container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityDomainContextAdaptor.java 2011-05-18 08:43:44 UTC (rev 14392)
@@ -0,0 +1,108 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.webservices.integration.security;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.util.Set;
+
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+import javax.security.auth.Subject;
+
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.RealmMapping;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+
+/**
+ * org.jboss.wsf.spi.security.SecurityDomainContext implementation relying on AuthenticationManager
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 18-May-2011
+ */
+public final class SecurityDomainContextAdaptor implements org.jboss.wsf.spi.security.SecurityDomainContext {
+
+ private AuthenticationManager authenticationManager;
+ private RealmMapping realmMapping;
+
+
+ public SecurityDomainContextAdaptor() {
+ //NOOP
+ }
+
+ private void setupAuthenticationManager() {
+ if (authenticationManager == null) {
+ try
+ {
+ Context ctx = new InitialContext();
+ Object obj = ctx.lookup("java:comp/env/security/securityMgr");
+ authenticationManager = (AuthenticationManager)obj;
+ realmMapping = (RealmMapping)authenticationManager;
+ }
+ catch (NamingException ne)
+ {
+ throw new RuntimeException("Unable to lookup AuthenticationManager", ne);
+ }
+ }
+ }
+
+ @Override
+ public boolean isValid(Principal principal, Object credential, Subject activeSubject) {
+ setupAuthenticationManager();
+ return authenticationManager.isValid(principal, credential, activeSubject);
+ }
+
+ @Override
+ public boolean doesUserHaveRole(Principal principal, Set<Principal> roles) {
+ setupAuthenticationManager();
+ return realmMapping.doesUserHaveRole(principal, roles);
+ }
+
+ @Override
+ public String getSecurityDomain() {
+ setupAuthenticationManager();
+ return authenticationManager.getSecurityDomain();
+ }
+
+ @Override
+ public Set<Principal> getUserRoles(Principal principal) {
+ setupAuthenticationManager();
+ return realmMapping.getUserRoles(principal);
+ }
+
+ @Override
+ public void pushSubjectContext(final Subject subject, final Principal principal, final Object credential) {
+ AccessController.doPrivileged(new PrivilegedAction<Void>() {
+ public Void run() {
+ SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
+ if (securityContext == null) {
+ throw new IllegalStateException("Security Context is null");
+ }
+ securityContext.getUtil().createSubjectInfo(principal, credential, subject);
+ return null;
+ }
+ });
+ }
+}
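Review bot: `setupAuthenticationManager()` lazily fills two plain fields with no synchronisation, yet `SecurityDomainContextDeploymentAspect.start()` in this same commit hands one adaptor instance to every endpoint of the deployment, so request threads can call it concurrently. A thread can observe `authenticationManager != null` before `realmMapping` is assigned and hit a NullPointerException in `doesUserHaveRole` or `getUserRoles`; declaring the method `private synchronized void setupAuthenticationManager()` closes that window. Separately, `java:comp/env/security/securityMgr` is a component-scoped name and its result is cached from whichever endpoint is invoked first. If endpoints within one deployment can be bound to different security domains (not determinable from this diff), later endpoints would be authenticated against the wrong domain, so this should be confirmed or one adaptor created per endpoint. The unchecked `(RealmMapping)` cast also deserves a comment stating that the bound manager is expected to implement both interfaces.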
Added: container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityDomainContextDeploymentAspect.java
===================================================================
--- container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityDomainContextDeploymentAspect.java (rev 0)
+++ container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityDomainContextDeploymentAspect.java 2011-05-18 08:43:44 UTC (rev 14392)
@@ -0,0 +1,53 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.webservices.integration.security;
+
+import org.jboss.ws.common.deployment.EndpointLifecycleDeploymentAspect;
+import org.jboss.wsf.spi.deployment.Deployment;
+import org.jboss.wsf.spi.deployment.Endpoint;
+import org.jboss.wsf.spi.security.SecurityDomainContext;
+
+/**
+ * Extends EndpointLifecycleDeploymentAspect to setup the SecurityDomainContext
+ *
+ * @author <a href="mailto:alessio.soldano@jboss.com">Alessio Soldano/a>
+ */
+public final class SecurityDomainContextDeploymentAspect extends EndpointLifecycleDeploymentAspect
+{
+ /**
+ * Constructor.
+ */
+ public SecurityDomainContextDeploymentAspect()
+ {
+ super();
+ }
+
+ @Override
+ public void start(final Deployment dep)
+ {
+ super.start(dep);
+ SecurityDomainContext context = new SecurityDomainContextAdaptor();
+ for (Endpoint ep : dep.getService().getEndpoints()) {
+ ep.setSecurityDomainContext(context);
+ }
+ }
+}
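Review bot: The `@author` Javadoc tag has a malformed closing anchor (`Alessio Soldano/a>`) and should read `<a href="mailto:alessio.soldano@jboss.com">Alessio Soldano</a>`. The class comment would also benefit from stating that `start()` installs a single `SecurityDomainContextAdaptor` shared by all endpoints of the deployment, since that places a thread-safety requirement on the adaptor. The licence header says `Copyright 2009` on a file added in 2011, unlike the sibling file added in this commit.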
Modified: container/jboss60/branches/jbossws-jboss600/src/main/resources/jbossws-jboss.deployer/META-INF/stack-agnostic-jboss-beans.xml
===================================================================
--- container/jboss60/branches/jbossws-jboss600/src/main/resources/jbossws-jboss.deployer/META-INF/stack-agnostic-jboss-beans.xml 2011-05-18 08:42:19 UTC (rev 14391)
+++ container/jboss60/branches/jbossws-jboss600/src/main/resources/jbossws-jboss.deployer/META-INF/stack-agnostic-jboss-beans.xml 2011-05-18 08:43:44 UTC (rev 14392)
@@ -117,7 +117,7 @@
<property name="provides">EndpointAddress</property>
</bean>
- <bean name="WSEndpointLifecycleDeploymentAspect" class="org.jboss.ws.common.deployment.EndpointLifecycleDeploymentAspect">
+ <bean name="WSEndpointLifecycleDeploymentAspect" class="org.jboss.webservices.integration.security.SecurityDomainContextDeploymentAspect">
<property name="provides">LifecycleHandler</property>
<property name="last">true</property>
</bean>
JBossWS SVN: r14391 - common/trunk/src/main/java/org/jboss/ws/common/deployment.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2011-05-18 04:42:19 -0400 (Wed, 18 May 2011)
New Revision: 14391
Modified:
common/trunk/src/main/java/org/jboss/ws/common/deployment/AbstractDefaultEndpoint.java
Log:
[JBWS-3296] Adding SecurityDomainContext to default endpoint implementation
Modified: common/trunk/src/main/java/org/jboss/ws/common/deployment/AbstractDefaultEndpoint.java
===================================================================
--- common/trunk/src/main/java/org/jboss/ws/common/deployment/AbstractDefaultEndpoint.java 2011-05-18 08:41:29 UTC (rev 14390)
+++ common/trunk/src/main/java/org/jboss/ws/common/deployment/AbstractDefaultEndpoint.java 2011-05-18 08:42:19 UTC (rev 14391)
@@ -37,6 +37,7 @@
import org.jboss.wsf.spi.invocation.InvocationHandler;
import org.jboss.wsf.spi.invocation.RequestHandler;
import org.jboss.wsf.spi.management.EndpointMetrics;
+import org.jboss.wsf.spi.security.SecurityDomainContext;
import org.jboss.ws.api.monitoring.Record;
import org.jboss.ws.api.monitoring.RecordFilter;
import org.jboss.ws.api.monitoring.RecordProcessor;
@@ -63,6 +64,7 @@
protected EndpointMetrics metrics;
protected String address;
protected List<RecordProcessor> recordProcessors = new Vector<RecordProcessor>();
+ protected SecurityDomainContext securityDomainContext;
AbstractDefaultEndpoint(String targetBean)
{
@@ -281,4 +283,14 @@
this.address = address;
}
+ public SecurityDomainContext getSecurityDomainContext()
+ {
+ return securityDomainContext;
+ }
+
+ public void setSecurityDomainContext(SecurityDomainContext securityDomainContext)
+ {
+ this.securityDomainContext = securityDomainContext;
+ }
+
}
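Review bot: `setSecurityDomainContext` is a public, unguarded setter for the object that the stack later uses for authentication and authorization, and the backing field is a plain `protected` one written during deployment and read on request threads. If the other setters of this class restrict changes to the period before the endpoint is started (not visible in this hunk), this one should apply the same guard, so that code holding an `Endpoint` reference cannot replace the security backend at runtime. Declaring the field `private volatile SecurityDomainContext securityDomainContext;`, or documenting that it is assigned only before the endpoint starts, would make the visibility assumption explicit.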
JBossWS SVN: r14390 - in spi/trunk/src/main/java/org/jboss/wsf/spi: invocation and 1 other directories.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2011-05-18 04:41:29 -0400 (Wed, 18 May 2011)
New Revision: 14390
Added:
spi/trunk/src/main/java/org/jboss/wsf/spi/security/SecurityDomainContext.java
Modified:
spi/trunk/src/main/java/org/jboss/wsf/spi/deployment/Endpoint.java
spi/trunk/src/main/java/org/jboss/wsf/spi/invocation/SecurityAdaptor.java
Log:
[JBWS-3296] Providing SecurityDomainContext interface to abstract picketbox/jboss-security AuthenticationManager stuff
Modified: spi/trunk/src/main/java/org/jboss/wsf/spi/deployment/Endpoint.java
===================================================================
--- spi/trunk/src/main/java/org/jboss/wsf/spi/deployment/Endpoint.java 2011-05-18 08:39:13 UTC (rev 14389)
+++ spi/trunk/src/main/java/org/jboss/wsf/spi/deployment/Endpoint.java 2011-05-18 08:41:29 UTC (rev 14390)
@@ -31,6 +31,7 @@
import org.jboss.wsf.spi.invocation.InvocationHandler;
import org.jboss.wsf.spi.invocation.RequestHandler;
import org.jboss.wsf.spi.management.EndpointMetrics;
+import org.jboss.wsf.spi.security.SecurityDomainContext;
/**
* A general JAXWS endpoint.
@@ -140,4 +141,10 @@
/** Set endpoint address */
void setAddress(String address);
+
+ /** Get security domain context */
+ SecurityDomainContext getSecurityDomainContext();
+
+ /** Set security domain context */
+ void setSecurityDomainContext(SecurityDomainContext context);
}
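Review bot: The Javadoc on the two new accessors does not state whether `getSecurityDomainContext()` may return null, although the default implementation in r14391 leaves the field unset until a container integration assigns it and the callers in r14393/r14394 dereference the result directly. I would spell out the contract, e.g. `/** Get the security domain context used to authenticate and authorize calls to this endpoint; null until the container integration has set it */`, and note on the setter at which point in the deployment lifecycle it is expected to be called.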
Modified: spi/trunk/src/main/java/org/jboss/wsf/spi/invocation/SecurityAdaptor.java
===================================================================
--- spi/trunk/src/main/java/org/jboss/wsf/spi/invocation/SecurityAdaptor.java 2011-05-18 08:39:13 UTC (rev 14389)
+++ spi/trunk/src/main/java/org/jboss/wsf/spi/invocation/SecurityAdaptor.java 2011-05-18 08:41:29 UTC (rev 14390)
@@ -23,8 +23,6 @@
import java.security.Principal;
-import javax.security.auth.Subject;
-
/**
* A container independent security adaptor
*
@@ -38,6 +36,4 @@
Object getCredential();
void setCredential(Object credential);
-
- void pushSubjectContext(Subject subject, Principal principal, Object credential);
}
Added: spi/trunk/src/main/java/org/jboss/wsf/spi/security/SecurityDomainContext.java
===================================================================
--- spi/trunk/src/main/java/org/jboss/wsf/spi/security/SecurityDomainContext.java (rev 0)
+++ spi/trunk/src/main/java/org/jboss/wsf/spi/security/SecurityDomainContext.java 2011-05-18 08:41:29 UTC (rev 14390)
@@ -0,0 +1,89 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.spi.security;
+
+import java.security.Principal;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+/**
+ * A container independent security domain related facility
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 13-May-2011
+ */
+public interface SecurityDomainContext
+{
+ public String getSecurityDomain();
+
+ // Authentication methods
+
+ /**
+ * The isValid method is invoked to see if a user identity and associated
+ * credentials as known in the operational environment are valid proof of the
+ * user identity.
+ *
+ * @param principal - the user identity in the operation environment
+ * @param credential - the proof of user identity as known in the
+ * operation environment
+ * @param activeSubject - the Subject which should be populated with the
+ * validated Subject contents. A JAAS based implementation would typically
+ * populate the activeSubject with the LoginContext.login result.
+ * @return true if the principal, credential pair is valid, false otherwise.
+ *
+ */
+ public boolean isValid(Principal principal, Object credential, Subject activeSubject);
+
+
+ // Authorization methods
+
+ /**
+ * Validates the application domain roles to which the operational
+ * environment Principal belongs.
+ *
+ * @param principal the caller principal as known in the operation environment.
+ * @param roles The Set<Principal> for the application domain roles that the
+ * principal is to be validated against.
+ * @return true if the principal has at least one of the roles in the roles set,
+ * false otherwise.
+ */
+ public boolean doesUserHaveRole(Principal principal, Set<Principal> roles);
+
+
+ /**
+ * Return the set of domain roles the principal has been assigned.
+ *
+ * @return The Set<Principal> for the application domain roles that the principal has been assigned.
+ */
+ public Set<Principal> getUserRoles(Principal principal);
+
+ /**
+ * Push the provided subject into the current security context; if that's not set yet,
+ * also creates a new security context and associates it with the current thread.
+ *
+ * @param subject
+ * @param principal
+ * @param credential
+ */
+ public void pushSubjectContext(final Subject subject, final Principal principal, final Object credential);
+}
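Review bot: `pushSubjectContext` at the end of the new interface associates a security context with the current thread, but the interface has no counterpart to remove it and the Javadoc does not say who clears it. On a pooled request thread the pushed identity could outlive the invocation unless the container cleans up elsewhere, which is not visible here. Its three `@param` tags are empty, and nothing states that the subject must already have been validated through `isValid`. I would document that, e.g. `@param subject the already authenticated Subject, as populated by a successful isValid call`, and add a sentence naming the component responsible for clearing the thread's context when the invocation ends. `getUserRoles` also lacks its `@param principal` and does not say whether an unknown principal yields null or an empty set.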
JBossWS SVN: r14389 - spi/trunk.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2011-05-18 04:39:13 -0400 (Wed, 18 May 2011)
New Revision: 14389
Modified:
spi/trunk/pom.xml
Log:
Minor pom change
Modified: spi/trunk/pom.xml
===================================================================
--- spi/trunk/pom.xml 2011-05-12 16:26:19 UTC (rev 14388)
+++ spi/trunk/pom.xml 2011-05-18 08:39:13 UTC (rev 14389)
@@ -25,6 +25,7 @@
<!-- Properties -->
<properties>
+ <jbossws.api.version>1.0.0-SNAPSHOT</jbossws.api.version>
<jms.api.version>1.0.0.Final</jms.api.version>
<jboss.microcontainer.version>2.0.8.GA</jboss.microcontainer.version>
<jboss-logging-spi.version>2.0.5.GA</jboss-logging-spi.version>
@@ -38,9 +39,9 @@
<dependency>
<groupId>org.jboss.ws</groupId>
<artifactId>jbossws-api</artifactId>
- <version>1.0.0-SNAPSHOT</version>
+ <version>${jbossws.api.version}</version>
</dependency>
-
+
<!-- provided apis -->
<dependency>
<groupId>org.jboss.spec.javax.servlet</groupId>
JBossWS SVN: r14388 - stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2011-05-12 12:26:19 -0400 (Thu, 12 May 2011)
New Revision: 14388
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/Util.java
Log:
Use proper classloader for looking up NonceFactory
Modified: stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/Util.java
===================================================================
--- stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/Util.java 2011-05-12 16:12:15 UTC (rev 14387)
+++ stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/Util.java 2011-05-12 16:26:19 UTC (rev 14388)
@@ -27,6 +27,7 @@
import javax.xml.namespace.QName;
import org.jboss.ws.WSException;
+import org.jboss.wsf.spi.classloading.ClassLoaderProvider;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -218,7 +219,7 @@
@SuppressWarnings("unchecked")
public static <T> T loadFactory(Class<T> factoryType, String factoryClassName, Class<? extends T> defaultFactoryClassName)
{
- ClassLoader loader = SecurityActions.getContextClassLoader();
+ ClassLoader loader = ClassLoaderProvider.getDefaultProvider().getServerIntegrationClassLoader();
String name = factoryClassName != null ? factoryClassName : SecurityActions.getSystemProperty(factoryType.getName());
if (name == null)
name = defaultFactoryClassName.getName();
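Review bot: The loader swap in `loadFactory` changes which classes a configured factory name can resolve to, and nothing in the hunk records that. `name` comes from the `factoryClassName` argument or from a system property, and after this change a class packaged only in the deployment is presumably no longer visible. A comment on the new line would make the intent explicit, e.g. `// resolve factories from the server integration classloader only; deployment classes are deliberately not consulted`. The rest of the method lies outside the hunk; if the loaded class is instantiated and cast under the `@SuppressWarnings("unchecked")`, a `factoryType.isAssignableFrom(...)` check before instantiation would reject a mis-set property with a clear `WSException` rather than a later `ClassCastException`.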