Author: jim.ma
Date: 2013-12-17 22:54:30 -0500 (Tue, 17 Dec 2013)
New Revision: 18200
Modified:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/ServerBeanCustomizer.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/UsernameTokenServerAuthModule.java
Log:
Configure the jaspi security domain in jaxws-endpoint-config.xml
Modified:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/ServerBeanCustomizer.java
===================================================================
---
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/ServerBeanCustomizer.java 2013-12-17
17:00:35 UTC (rev 18199)
+++
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/ServerBeanCustomizer.java 2013-12-18
03:54:30 UTC (rev 18200)
@@ -23,8 +23,20 @@
import java.io.IOException;
import java.util.List;
+import java.util.Properties;
+import javax.security.auth.message.config.AuthConfigFactory;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+
import org.apache.cxf.frontend.ServerFactoryBean;
+import org.jboss.security.auth.callback.JBossCallbackHandler;
+import org.jboss.security.auth.login.AuthenticationInfo;
+import org.jboss.security.auth.login.BaseAuthenticationInfo;
+import org.jboss.security.auth.login.JASPIAuthenticationInfo;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.SecurityConfiguration;
import org.jboss.ws.api.annotation.EndpointConfig;
import org.jboss.ws.common.management.AbstractServerConfig;
import org.jboss.wsf.spi.deployment.Endpoint;
@@ -33,10 +45,15 @@
import org.jboss.wsf.spi.metadata.config.ConfigMetaDataParser;
import org.jboss.wsf.spi.metadata.config.ConfigRoot;
import org.jboss.wsf.stack.cxf.JBossWSInvoker;
+import org.jboss.wsf.stack.cxf.Loggers;
import org.jboss.wsf.stack.cxf.Messages;
import org.jboss.wsf.stack.cxf.client.configuration.BeanCustomizer;
import org.jboss.wsf.stack.cxf.deployment.EndpointImpl;
import org.jboss.wsf.stack.cxf.deployment.WSDLFilePublisher;
+import org.jboss.wsf.stack.cxf.interceptor.JaspiSeverInInterceptor;
+import org.jboss.wsf.stack.cxf.jaspi.JaspiServerAuthenticator;
+import org.jboss.wsf.stack.cxf.jaspi.config.JBossWSAuthConfigProvider;
+import org.jboss.wsf.stack.cxf.jaspi.config.JBossWSAuthConstants;
/**
*
@@ -151,13 +168,19 @@
{
UnifiedVirtualFile vf = deploymentRoot.findChild(configFile);
ConfigRoot config = ConfigMetaDataParser.parse(vf.toURL());
- endpoint.setEndpointConfig(config.getEndpointConfigByName(configName));
+ endpoint.setEndpointConfig(config.getEndpointConfigByName(configName));
}
catch (IOException e)
{
throw Messages.MESSAGES.couldNotReadConfigFile(configFile);
}
}
+
+ if (endpoint.getProperties().get(JaspiServerAuthenticator.JASPI_SECURITY_DOMAIN)
!=null) {
+ String jaspiSecurityDomain =
(String)endpoint.getProperties().get(JaspiServerAuthenticator.JASPI_SECURITY_DOMAIN);
+ addJaspiInterceptor(endpoint, jaspiSecurityDomain);
+ }
+
}
}
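Review bot: The added block looks up the property twice and casts it to String without a type check. Reading it once, `Object domain = endpoint.getProperties().get(JaspiServerAuthenticator.JASPI_SECURITY_DOMAIN);`, and calling `addJaspiInterceptor` only when `domain instanceof String` avoids a ClassCastException on a non-string value. The explicit null test is also redundant, because addJaspiInterceptor already returns early on a null domain. The enclosing method starts outside the hunk.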
@@ -185,5 +208,48 @@
{
this.epConfigFile = epConfigFile;
}
+
+
+ private void addJaspiInterceptor(EndpointImpl endpoint, String securityDomain) {
+ if (securityDomain == null) {
+ return;
+ }
+ ApplicationPolicy appPolicy =
SecurityConfiguration.getApplicationPolicy(securityDomain);
+ if (appPolicy == null) {
+ Loggers.ROOT_LOGGER.noApplicationPolicy(securityDomain);
+ return;
+ }
+ BaseAuthenticationInfo bai = appPolicy.getAuthenticationInfo();
+ if (bai == null || bai instanceof AuthenticationInfo) {
+ Loggers.ROOT_LOGGER.noJaspiApplicationPolicy(securityDomain);
+ return;
+ }
+ JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo) bai;
+ String contextRoot = depEndpoints.get(0).getService().getContextRoot();
+ String appId = "localhost " + contextRoot;
+ AuthConfigFactory factory = AuthConfigFactory.getFactory();
+ Properties properties = new Properties();
+ AuthConfigProvider provider = new JBossWSAuthConfigProvider(properties, factory);
+ provider = factory.getConfigProvider(JBossWSAuthConstants.SOAP_LAYER, appId,
null);
+ JBossCallbackHandler callbackHandler = new JBossCallbackHandler();
+ JaspiServerAuthenticator serverAuthenticator = null;
+ try
+ {
+ ServerAuthConfig serverConfig =
provider.getServerAuthConfig(JBossWSAuthConstants.SOAP_LAYER, appId, callbackHandler);
+ Properties serverContextProperties = new Properties();
+ serverContextProperties.put("security-domain", securityDomain);
+ serverContextProperties.put("jaspi-policy", jai);
+ serverContextProperties.put(javax.xml.ws.Endpoint.class, endpoint);
+ String authContextID = endpoint.getBeanName();
+ ServerAuthContext sctx = serverConfig.getAuthContext(authContextID, null,
serverContextProperties);
+ serverAuthenticator = new JaspiServerAuthenticator(sctx);
+ endpoint.getInInterceptors().add(new
JaspiSeverInInterceptor(serverAuthenticator));
+ }
+ catch (Exception e)
+ {
+ Loggers.DEPLOYMENT_LOGGER.cannotCreateServerAuthContext(securityDomain);
+ }
+ }
+
}
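Review bot: addJaspiInterceptor fails open: when a JASPI security domain is configured but no application policy is found, the policy is not a JASPI one, or creating the ServerAuthContext throws, the method only logs and returns, so the endpoint is still deployed without the JASPI in-interceptor. Unless another layer enforces authentication (not visible in this hunk), those paths should abort the deployment, for example in the catch block `throw new IllegalStateException("Cannot create ServerAuthContext for " + securityDomain, e);`, which also keeps the cause that the current handler drops. The check `bai instanceof AuthenticationInfo` should probably be `!(bai instanceof JASPIAuthenticationInfo)` so that the cast on the next line cannot fail. The first assignment to `provider` is immediately overwritten by `factory.getConfigProvider(...)`, whose result is not null-checked.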
Modified:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java
===================================================================
---
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java 2013-12-17
17:00:35 UTC (rev 18199)
+++
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java 2013-12-18
03:54:30 UTC (rev 18200)
@@ -47,7 +47,6 @@
import org.apache.cxf.Bus;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.interceptor.InterceptorProvider;
import org.jboss.security.auth.callback.JBossCallbackHandler;
import org.jboss.security.auth.container.config.AuthModuleEntry;
import org.jboss.security.auth.login.JASPIAuthenticationInfo;
@@ -94,7 +93,6 @@
moduleCL = locator.get(jbossModule);
}
- InterceptorProvider ip =
(InterceptorProvider)contextProperties.get(InterceptorProvider.class);
for (AuthModuleEntry ame : amearr)
{
if (ame.getLoginModuleStackHolderName() != null)
@@ -106,9 +104,10 @@
ServerAuthModule sam = this.createSAM(moduleCL, ame.getAuthModuleName(),
ame.getLoginModuleStackHolderName());
Map options = new HashMap();
- options.put(InterceptorProvider.class, ip);
Bus bus = (Bus)properties.get(Bus.class);
options.put(Bus.class, bus);
+ javax.xml.ws.Endpoint endpoint =
(javax.xml.ws.Endpoint)properties.get(javax.xml.ws.Endpoint.class);
+ options.put(javax.xml.ws.Endpoint.class, endpoint);
sam.initialize(null, null, callbackHandler, options);
modules.add(sam);
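Review bot: The endpoint is read from `properties` here, while the removed `InterceptorProvider` lookup read from `contextProperties`, and the caller in ServerBeanCustomizer puts the endpoint into the map it passes to `getAuthContext`. If `properties` is the config-level map rather than the per-call one (its declaration is outside the hunk), `endpoint` will be null and UsernameTokenServerAuthModule appears to fall back to the Bus, so its settings would apply bus-wide instead of to this endpoint. Consider `contextProperties.get(javax.xml.ws.Endpoint.class)`, or a null check with a log message before `options.put(...)`. The enclosing method starts and ends outside the hunk.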
Modified:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/UsernameTokenServerAuthModule.java
===================================================================
---
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/UsernameTokenServerAuthModule.java 2013-12-17
17:00:35 UTC (rev 18199)
+++
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/UsernameTokenServerAuthModule.java 2013-12-18
03:54:30 UTC (rev 18200)
@@ -32,7 +32,6 @@
import javax.xml.soap.SOAPMessage;
import org.apache.cxf.Bus;
-import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.interceptor.InterceptorProvider;
import org.apache.cxf.ws.security.SecurityConstants;
import org.jboss.security.auth.container.modules.AbstractServerAuthModule;
@@ -44,7 +43,7 @@
public class UsernameTokenServerAuthModule extends AbstractServerAuthModule
{
private String securityDomainName = null;
- private Endpoint endpoint = null;
+ private javax.xml.ws.Endpoint endpoint = null;
private Bus bus = null;
private InterceptorProvider ip = null;
@@ -52,7 +51,7 @@
public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
CallbackHandler handler, Map options) throws AuthException
{
super.initialize(requestPolicy, responsePolicy, handler, options);
- endpoint = (Endpoint)options.get(Endpoint.class);
+ endpoint = (javax.xml.ws.Endpoint)options.get(javax.xml.ws.Endpoint.class);
if (endpoint == null && options.get(Bus.class) != null)
{
bus = (Bus)options.get(Bus.class);
@@ -60,7 +59,7 @@
ip = (InterceptorProvider)bus;
}
if (endpoint != null) {
- endpoint.put(SecurityConstants.VALIDATE_TOKEN, false);
+ endpoint.getProperties().put(SecurityConstants.VALIDATE_TOKEN, false);
ip = (InterceptorProvider)endpoint;
}
if (ip != null)
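Review bot: `ip = (InterceptorProvider)endpoint` now casts a `javax.xml.ws.Endpoint`, which does not itself declare that interface, so an implementation other than the CXF one would fail with a ClassCastException during initialize; guard it with `if (endpoint instanceof InterceptorProvider)`. The line above sets `SecurityConstants.VALIDATE_TOKEN` to false on the endpoint, which switches off CXF's own UsernameToken validation, and nothing here documents what validates the token instead. A comment such as `// token validation is delegated to this auth module's validateRequest (confirm)` would make that dependency explicit. initialize continues outside the hunk.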