Author: alessio.soldano(a)jboss.com Date: 2011-06-06 12:00:20 -0400 (Mon, 06 Jun 2011) New Revision: 14474 Added: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SecurityActions.java Modified: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java Log: [JBWS-3302][JBWS-3257] Setup TCCL before trying digest based authentication to allow PicketBox seeing JBWS classes on AS7 Added: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SecurityActions.java =================================================================== --- stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SecurityActions.java (rev 0) +++ stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SecurityActions.java 2011-06-06 16:00:20 UTC (rev 14474) @@ -0,0 +1,82 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2011, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.security.authentication; + +import java.security.AccessController; +import java.security.PrivilegedAction; + +/** + * + * @author alessio.soldano(a)jboss.com + * @since 22-Feb-2011 + * + */ +class SecurityActions +{ + /** + * Get context classloader. + * + * @return the current context classloader + */ + static ClassLoader getContextClassLoader() + { + SecurityManager sm = System.getSecurityManager(); + if (sm == null) + { + return Thread.currentThread().getContextClassLoader(); + } + else + { + return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() { + public ClassLoader run() + { + return Thread.currentThread().getContextClassLoader(); + } + }); + } + } + + /** + * Set context classloader. + * + * @param classLoader the classloader + */ + static void setContextClassLoader(final ClassLoader classLoader) + { + if (System.getSecurityManager() == null) + { + Thread.currentThread().setContextClassLoader(classLoader); + } + else + { + AccessController.doPrivileged(new PrivilegedAction<Object>() + { + public Object run() + { + Thread.currentThread().setContextClassLoader(classLoader); + return null; + } + }); + } + } + +} Modified: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java =================================================================== --- stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java 2011-06-06 12:54:39 UTC (rev 14473) +++ stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java 2011-06-06 16:00:20 UTC (rev 14474) @@ -23,6 +23,7 @@ import java.security.Principal; import java.util.Calendar; +import java.util.TimeZone; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; @@ -30,6 +31,8 @@ import org.apache.cxf.common.security.SimplePrincipal; import org.jboss.logging.Logger; import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler; +import org.jboss.ws.common.utils.DelegateClassLoader; +import org.jboss.wsf.spi.classloading.ClassLoaderProvider; import org.jboss.wsf.spi.security.SecurityDomainContext; import org.jboss.wsf.stack.cxf.security.authentication.callback.UsernameTokenCallbackHandler; import org.jboss.wsf.stack.cxf.security.nonce.NonceStore; @@ -84,12 +87,22 @@ try { - if (ctx.isValid(principal, password, subject) == false) + ClassLoader tccl = SecurityActions.getContextClassLoader(); + //allow PicketBox to see jbossws modules' classes + SecurityActions.setContextClassLoader(new DelegateClassLoader(ClassLoaderProvider.getDefaultProvider().getServerIntegrationClassLoader(), tccl)); + try { - String msg = "Authentication failed, principal=" + principal.getName(); - log.error(msg); - throw new SecurityException(msg); + if (ctx.isValid(principal, password, subject) == false) + { + String msg = "Authentication failed, principal=" + principal.getName(); + log.error(msg); + throw new SecurityException(msg); + } } + finally + { + SecurityActions.setContextClassLoader(tccl); + } } finally {