[jboss-cvs] Picketbox SVN: r420 - in trunk/security-jboss-sx/jbosssx/src: test/java/org/jboss/test/authentication/jaas and 1 other directory.
jboss-cvs-commits at lists.jboss.org
Thu May 9 14:05:30 EDT 2013
Author: sguilhen at redhat.com
Date: 2013-05-09 14:05:29 -0400 (Thu, 09 May 2013)
New Revision: 420
Modified:
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/JASPICallbackHandler.java
trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaas/JASPICallbackHandlerUnitTestCase.java
Log:
SECURITY-731, SECURITY-732: JASPICallbackHandler now merges roles and subjects retrieved from Callbacks with those found in the underlying security context. Previous behavior was to override the security context completely
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/JASPICallbackHandler.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/JASPICallbackHandler.java 2013-05-06 08:45:36 UTC (rev 419)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/JASPICallbackHandler.java 2013-05-09 18:05:29 UTC (rev 420)
@@ -87,16 +87,30 @@
Role role = new SimpleRole( rolesArray[ i ] );
rolesList.add( role );
}
- RoleGroup roles = new SimpleRoleGroup( SecurityConstants.ROLES_IDENTIFIER, rolesList );
- currentSC.getUtil().setRoles( roles );
+ RoleGroup roles = new SimpleRoleGroup( SecurityConstants.ROLES_IDENTIFIER, rolesList );
+
+ // if the current security context already has roles, we merge them with the incoming roles.
+ RoleGroup currentRoles = currentSC.getUtil().getRoles();
+ if (currentRoles != null) {
+ currentRoles.addAll(roles.getRoles());
+ }
+ else {
+ currentSC.getUtil().setRoles( roles );
+ }
}
Subject subject = groupPrincipalCallback.getSubject();
-
if( subject != null )
{
- currentSC.getSubjectInfo().setAuthenticatedSubject( subject );
- }
+ // if the current security context already has an associated subject, we merge it with the incoming subject.
+ Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject();
+ if (currentSubject != null) {
+ subject.getPrincipals().addAll(currentSubject.getPrincipals());
+ subject.getPublicCredentials().addAll(currentSubject.getPublicCredentials());
+ subject.getPrivateCredentials().addAll(currentSubject.getPrivateCredentials());
+ }
+ currentSC.getSubjectInfo().setAuthenticatedSubject(subject);
+ }
}
else if( callback instanceof CallerPrincipalCallback )
{
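Review bot: The subject-merge block at L40-L47 is repeated verbatim in the second hunk (L57-L64) and the fourth (L87-L94); the three copies should collapse into one private helper so the merge rule lives in one place. The merge also copies the context subject's private credentials into the callback-supplied Subject and then installs that Subject on the context, so credentials accumulate across successive callbacks on the same security context and the auth module's own Subject is mutated; if that is the intended semantics the comment should say so rather than just "we merge it". The enclosing handleCallBack method begins outside this hunk.
```java
// … unchanged: role merging …
Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject();
if (currentSubject != null) {
    mergeInto(subject, currentSubject);
}
currentSC.getSubjectInfo().setAuthenticatedSubject(subject);

/**
 * Adds the principals and public/private credentials of {@code current} to
 * {@code incoming}, which the caller then installs on the security context.
 * Note that {@code incoming} (the callback-supplied Subject) is mutated.
 */
private static void mergeInto(Subject incoming, Subject current) {
    incoming.getPrincipals().addAll(current.getPrincipals());
    incoming.getPublicCredentials().addAll(current.getPublicCredentials());
    incoming.getPrivateCredentials().addAll(current.getPrivateCredentials());
}
```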
@@ -110,8 +124,15 @@
if( subject != null )
{
- currentSC.getSubjectInfo().setAuthenticatedSubject( subject );
- }
+ // if the current security context already has an associated subject, we merge it with the incoming subject.
+ Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject();
+ if (currentSubject != null) {
+ subject.getPrincipals().addAll(currentSubject.getPrincipals());
+ subject.getPublicCredentials().addAll(currentSubject.getPublicCredentials());
+ subject.getPrivateCredentials().addAll(currentSubject.getPrivateCredentials());
+ }
+ currentSC.getSubjectInfo().setAuthenticatedSubject(subject);
+ }
Principal callerPrincipal = callerPrincipalCallback.getPrincipal();
if (callerPrincipal == null && callerPrincipalCallback.getName() != null)
@@ -119,8 +140,9 @@
if( callerPrincipal != null )
{
- if (subject != null)
- subject.getPrincipals().add(callerPrincipal);
+ Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject();
+ if (currentSubject != null)
+ currentSubject.getPrincipals().add(callerPrincipal);
Identity principalBasedIdentity = IdentityFactory.getIdentity( callerPrincipal, null );
currentSC.getSubjectInfo().addIdentity( principalBasedIdentity );
}
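Review bot: `currentSubject.getPrincipals().add(callerPrincipal)` at L75 now writes into the Subject held by the security context rather than the callback's own Subject, and the set returned by `Subject.getPrincipals()` rejects modification with an IllegalStateException once that Subject has been made read-only. The old code only ever touched the Subject the auth module had just handed over, so this is a new failure mode; consider `if (currentSubject != null && !currentSubject.isReadOnly())` or at least a comment stating that a read-only context Subject is not expected here. The two-line `if` at L74-L75 should also be braced, matching the style of the surrounding new code. The enclosing method continues outside this hunk.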
@@ -136,10 +158,22 @@
char[] password = passwordValidationCallback.getPassword();
Subject subject = passwordValidationCallback.getSubject();
- SecurityContextUtil util = currentSC.getUtil();
+// SecurityContextUtil util = currentSC.getUtil();
if( subject != null )
{
- util.createSubjectInfo( new SimplePrincipal( userName ), password, subject);
+ // if the current security context already has an associated subject, we merge it with the incoming subject.
+ Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject();
+ if (currentSubject != null) {
+ subject.getPrincipals().addAll(currentSubject.getPrincipals());
+ subject.getPublicCredentials().addAll(currentSubject.getPublicCredentials());
+ subject.getPrivateCredentials().addAll(currentSubject.getPrivateCredentials());
+ }
+ currentSC.getSubjectInfo().setAuthenticatedSubject(subject);
+
+ // add the identity formed by username/pw to the security context.
+ Identity identity = IdentityFactory.getIdentity(new SimplePrincipal(userName), password);
+ currentSC.getSubjectInfo().addIdentity(identity);
+// util.createSubjectInfo( new SimplePrincipal( userName ), password, subject);
}
}
else super.handleCallBack(callback);
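Review bot: The commented-out lines at L83 and L99 are dead code that should be deleted rather than kept as a record of the previous implementation, which version control already holds. Separately, the replaced `util.createSubjectInfo(...)` call presumably built the SubjectInfo on the context, whereas the new code at L88 and L94 dereferences `currentSC.getSubjectInfo()` directly; if that accessor can return null before any subject info has been established, this path now throws a NullPointerException on the first password validation, so the contract should be confirmed or a null check added. The enclosing method continues outside this hunk.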
Modified: trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaas/JASPICallbackHandlerUnitTestCase.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaas/JASPICallbackHandlerUnitTestCase.java 2013-05-06 08:45:36 UTC (rev 419)
+++ trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaas/JASPICallbackHandlerUnitTestCase.java 2013-05-09 18:05:29 UTC (rev 420)
@@ -34,15 +34,13 @@
import javax.security.auth.message.callback.GroupPrincipalCallback;
import javax.security.auth.message.callback.PasswordValidationCallback;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextAssociation;
-import org.jboss.security.SecurityContextFactory;
-import org.jboss.security.SimplePrincipal;
+import org.jboss.security.*;
import org.jboss.security.auth.callback.JASPICallbackHandler;
import org.jboss.security.identity.Identity;
import org.jboss.security.identity.RoleGroup;
import org.jboss.security.identity.extensions.CredentialIdentity;
import org.jboss.security.identity.plugins.SimpleRole;
+import org.junit.After;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
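Review bot: The wildcard `import org.jboss.security.*;` at L114 replaces four explicit imports and hides which classes the test actually depends on; it should be the explicit list again, adding only the new type(s) the test needs (the `@After` method uses `SecurityContext` and `SecurityContextAssociation`, which were already imported). Wildcard imports also make the test fragile to later additions in that package that shadow names from the other imported packages.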
@@ -72,7 +70,15 @@
{
SecurityContextAssociation.setSecurityContext(null);
}
-
+
+ @After
+ public void clearSubjectInfo()
+ {
+ SecurityContext context = SecurityContextAssociation.getSecurityContext();
+ context.getUtil().createSubjectInfo(null, null, null);
+ }
+
+
@Test
public void testGroupPrincipalCallback() throws Exception
{
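Review bot: `clearSubjectInfo` at L130-L135 has no comment explaining why per-test reset became necessary, which is the key fact a future maintainer needs when this tear-down fails or is removed. Suggested Javadoc: `/** The handler now merges into the existing subject info instead of replacing it, so each test must start from an empty SubjectInfo to keep its assertions independent. */`. It also assumes `SecurityContextAssociation.getSecurityContext()` is non-null after every test; if a test ever clears the association itself, this tear-down will NPE, so a short null guard may be worth adding.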
@@ -91,7 +97,7 @@
assertEquals( 2, roles.getRoles().size() );
assertTrue( roles.containsRole( new SimpleRole( "role1" )));
- assertTrue( roles.containsRole( new SimpleRole( "role2" )));
+ assertTrue( roles.containsRole( new SimpleRole( "role2" )));
}
@Test