Author: alessio.soldano(a)jboss.com
Date: 2011-05-18 04:45:46 -0400 (Wed, 18 May 2011)
New Revision: 14394
Removed:
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/AuthenticationManagerLoader.java
Modified:
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java
Log:
[JBWS-3296] Use SecurityDomainContext abstraction instead of directly accessing
picketbox/jboss-security for authentication/authorization
Deleted:
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/AuthenticationManagerLoader.java
===================================================================
---
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/AuthenticationManagerLoader.java 2011-05-18
08:44:52 UTC (rev 14393)
+++
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/AuthenticationManagerLoader.java 2011-05-18
08:45:46 UTC (rev 14394)
@@ -1,52 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2010, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.wsf.stack.cxf.security.authentication;
-
-import javax.naming.Context;
-import javax.naming.InitialContext;
-import javax.naming.NamingException;
-
-import org.jboss.security.AuthenticationManager;
-
-/**
- * AuthenticationManager loader
- *
- * @author Sergey Beryozkin
- *
- */
-public class AuthenticationManagerLoader
-{
- public AuthenticationManager getManager()
- {
- try
- {
- Context ctx = new InitialContext();
- Object obj = ctx.lookup("java:/comp/env/security/securityMgr");
- return (AuthenticationManager) obj;
- }
- catch (NamingException ne)
- {
- throw new SecurityException("Unable to lookup AuthenticationManager using
JNDI");
- }
- }
-
-}
Modified:
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java
===================================================================
---
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java 2011-05-18
08:44:52 UTC (rev 14393)
+++
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java 2011-05-18
08:45:46 UTC (rev 14394)
@@ -1,6 +1,6 @@
/*
* JBoss, Home of Professional Open Source.
- * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * Copyright 2011, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
@@ -21,25 +21,22 @@
*/
package org.jboss.wsf.stack.cxf.security.authentication;
-import java.io.IOException;
import java.security.Principal;
import java.util.Calendar;
-import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
+import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.security.SimplePrincipal;
+import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.ws.security.wss4j.AbstractUsernameTokenAuthenticatingInterceptor;
import org.jboss.logging.Logger;
-import org.jboss.security.AuthenticationManager;
import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
-import org.jboss.wsf.spi.SPIProvider;
-import org.jboss.wsf.spi.SPIProviderResolver;
-import org.jboss.wsf.spi.invocation.SecurityAdaptor;
-import org.jboss.wsf.spi.invocation.SecurityAdaptorFactory;
+import org.jboss.wsf.spi.deployment.Endpoint;
+import org.jboss.wsf.spi.security.SecurityDomainContext;
import
org.jboss.wsf.stack.cxf.security.authentication.callback.UsernameTokenCallbackHandler;
import org.jboss.wsf.stack.cxf.security.nonce.NonceStore;
import org.jboss.xb.binding.SimpleTypeBindings;
@@ -48,6 +45,7 @@
* Interceptor which authenticates a current principal and populates Subject
*
* @author Sergey Beryozkin
+ * @author alessio.soldano(a)jboss.com
*
*/
public class SubjectCreatingInterceptor extends
AbstractUsernameTokenAuthenticatingInterceptor
@@ -56,17 +54,15 @@
private static final int TIMESTAMP_FRESHNESS_THRESHOLD = 300;
- private AuthenticationManagerLoader aml;
-
private boolean propagateContext;
- private SecurityAdaptorFactory secAdaptorFactory;
-
private int timestampThreshold = TIMESTAMP_FRESHNESS_THRESHOLD;
private NonceStore nonceStore;
private boolean decodeNonce = true;
+
+ private ThreadLocal<SecurityDomainContext> sdc = new
ThreadLocal<SecurityDomainContext>();
public SubjectCreatingInterceptor()
{
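Review bot: The new `sdc` field is assigned once at declaration and never reassigned, so it should be `private final ThreadLocal<SecurityDomainContext> sdc = new ThreadLocal<SecurityDomainContext>();`. Making it final also makes it obvious that the `if (sdc != null)` test added in handleMessage further down (lines 165-168) can never be false and can be dropped. The field declaration itself is wrapped across two lines here; the enclosing class continues outside this hunk.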
@@ -76,19 +72,23 @@
public SubjectCreatingInterceptor(Map<String, Object> properties)
{
super(properties);
+ }
+
+ @Override
+ public void handleMessage(SoapMessage msg) throws Fault {
+ Endpoint ep = msg.getExchange().get(Endpoint.class);
+ sdc.set(ep.getSecurityDomainContext());
try
{
- aml = AuthenticationManagerLoader.class.newInstance();
+ super.handleMessage(msg);
}
- catch (Exception ex)
+ finally
{
- String msg = "AuthenticationManager can not be loaded";
- log.error(msg);
- throw new SecurityException(msg);
+ if (sdc != null)
+ {
+ sdc.remove();
+ }
}
- SPIProvider spiProvider = SPIProviderResolver.getInstance().getProvider();
- secAdaptorFactory = spiProvider.getSPI(SecurityAdaptorFactory.class);
-
}
@Override
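Review bot: The null guard in the new handleMessage is on the wrong object: `sdc` is the ThreadLocal field itself and is always non-null, while `ep` and `ep.getSecurityDomainContext()` are dereferenced or stored without any check. If the Endpoint is missing from the exchange the `sdc.set(...)` line throws NullPointerException; if the endpoint has no security domain context, a null is stored and the failure surfaces later in createSubject (lines 182-192) as an NPE on `ctx.getSecurityDomain()` / `ctx.isValid(...)`, so a misconfigured endpoint produces an unhandled exception instead of a clean, logged rejection. I would resolve the context first, fail with a Fault when it is absent, and keep the finally block to a bare `sdc.remove()`; the brace placement on the new signature also differs from the rest of the file. Proposed rewrite of the method body:
```java
@Override
public void handleMessage(SoapMessage msg) throws Fault
{
   Endpoint ep = msg.getExchange().get(Endpoint.class);
   SecurityDomainContext ctx = (ep != null) ? ep.getSecurityDomainContext() : null;
   if (ctx == null)
   {
      // fail closed: authentication cannot proceed without a security domain
      throw new Fault(new SecurityException("No SecurityDomainContext available for endpoint"));
   }
   sdc.set(ctx);
   try
   {
      super.handleMessage(msg);
   }
   finally
   {
      sdc.remove(); // sdc is the ThreadLocal itself and is never null
   }
}
```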
@@ -108,18 +108,19 @@
}
// authenticate and populate Subject
- AuthenticationManager am = aml.getManager();
+
Principal principal = new SimplePrincipal(name);
Subject subject = new Subject();
+ SecurityDomainContext ctx = sdc.get();
boolean TRACE = log.isTraceEnabled();
if (TRACE)
- log.trace("About to authenticate, using security domain '" +
am.getSecurityDomain() + "'");
+ log.trace("About to authenticate, using security domain '" +
ctx.getSecurityDomain() + "'");
try
{
- if (am.isValid(principal, password, subject) == false)
+ if (ctx.isValid(principal, password, subject) == false)
{
String msg = "Authentication failed, principal=" +
principal.getName();
log.error(msg);
@@ -141,8 +142,7 @@
if (propagateContext)
{
- SecurityAdaptor adaptor = secAdaptorFactory.newSecurityAdapter();
- adaptor.pushSubjectContext(subject, principal, password);
+ ctx.pushSubjectContext(subject, principal, password);
if (TRACE)
log.trace("Security Context has been propagated");
}