[jboss-cvs] Picketbox SVN: r420 - in trunk/security-jboss-sx/jbosssx/src: test/java/org/jboss/test/authentication/jaas and 1 other directory.



Author: sguilhen at redhat.com
Date: 2013-05-09 14:05:29 -0400 (Thu, 09 May 2013)
New Revision: 420

Modified:
   trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/JASPICallbackHandler.java
   trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaas/JASPICallbackHandlerUnitTestCase.java
Log:
SECURITY-731, SECURITY-732: JASPICallbackHandler now merges the roles and subjects retrieved from callbacks with those already present in the underlying security context. The previous behavior was to overwrite the security context completely.

Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/JASPICallbackHandler.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/JASPICallbackHandler.java	2013-05-06 08:45:36 UTC (rev 419)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/JASPICallbackHandler.java	2013-05-09 18:05:29 UTC (rev 420)
@@ -87,16 +87,30 @@
               Role role = new SimpleRole( rolesArray[ i ] );
               rolesList.add( role );
            }
-           RoleGroup roles = new SimpleRoleGroup( SecurityConstants.ROLES_IDENTIFIER, rolesList ); 
-           currentSC.getUtil().setRoles( roles );   
+           RoleGroup roles = new SimpleRoleGroup( SecurityConstants.ROLES_IDENTIFIER, rolesList );
+
+           // if the current security context already has roles, we merge them with the incoming roles.
+           RoleGroup currentRoles = currentSC.getUtil().getRoles();
+           if (currentRoles != null) {
+               currentRoles.addAll(roles.getRoles());
+           }
+           else {
+               currentSC.getUtil().setRoles( roles );
+           }
          } 
          
          Subject subject = groupPrincipalCallback.getSubject();
-
          if( subject != null )
          {
-            currentSC.getSubjectInfo().setAuthenticatedSubject( subject );
-         } 
+            // if the current security context already has an associated subject, we merge it with the incoming subject.
+            Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject();
+            if (currentSubject != null) {
+                subject.getPrincipals().addAll(currentSubject.getPrincipals());
+                subject.getPublicCredentials().addAll(currentSubject.getPublicCredentials());
+                subject.getPrivateCredentials().addAll(currentSubject.getPrivateCredentials());
+            }
+            currentSC.getSubjectInfo().setAuthenticatedSubject(subject);
+         }
       }
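Review bot: `currentRoles.addAll(roles.getRoles())` in the `currentRoles != null` branch mutates the RoleGroup already held by the context and is purely additive: nothing in this hunk ever removes a role, so a SecurityContext that outlives one authentication (it appears to be obtained from thread association, and the test file in this same commit needs a new `@After` hook that resets the SubjectInfo between tests) keeps every role ever granted on that thread. Whether a context is per-request or reused is not visible here; if reuse is possible the caller has to start from a fresh context, and that contract should be stated next to the merge, e.g. `// NOTE: roles are unioned with whatever the context already holds, never replaced; callers must reset the context per authentication`. Whether `RoleGroup.addAll` de-duplicates is also not visible; if it does not, repeated callbacks inflate the role list. The `if (callback instanceof GroupPrincipalCallback)` branch this belongs to begins before the hunk.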
       else if( callback instanceof CallerPrincipalCallback )
       {
@@ -110,8 +124,15 @@
          
          if( subject != null )
          {
-            currentSC.getSubjectInfo().setAuthenticatedSubject( subject );
-         } 
+             // if the current security context already has an associated subject, we merge it with the incoming subject.
+             Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject();
+             if (currentSubject != null) {
+                 subject.getPrincipals().addAll(currentSubject.getPrincipals());
+                 subject.getPublicCredentials().addAll(currentSubject.getPublicCredentials());
+                 subject.getPrivateCredentials().addAll(currentSubject.getPrivateCredentials());
+             }
+             currentSC.getSubjectInfo().setAuthenticatedSubject(subject);
+         }
          
          Principal callerPrincipal = callerPrincipalCallback.getPrincipal();
          if (callerPrincipal == null && callerPrincipalCallback.getName() != null)
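Review bot: The three `addAll` lines under `currentSubject != null` copy principals, public and private credentials from the context's subject into the callback's subject, and the identical block appears two more times in this commit (GroupPrincipalCallback and PasswordValidationCallback branches); it should be one private helper so the behaviour cannot drift. The sets returned by `Subject.getPrincipals()`/`getPublicCredentials()`/`getPrivateCredentials()` throw `IllegalStateException` once the subject is read-only, and under a SecurityManager iterating another subject's private credentials presumably needs `PrivateCredentialPermission`, so the helper should at least check `isReadOnly()` and say explicitly that private credentials (passwords, keys) are being duplicated into a second Subject. The enclosing `else if (callback instanceof CallerPrincipalCallback)` branch starts before this hunk.
```java
// Copies the principals and both credential sets of `source` into `target`;
// the caller then binds `target` to the security context.  Private credentials
// are duplicated on purpose so nothing already authenticated is lost.
private static void mergeSubjectInto(Subject target, Subject source) {
   if (target.isReadOnly()) {
      // the Subject's sets would throw IllegalStateException on addAll anyway;
      // fail with a message that names the actual problem.
      throw new IllegalStateException("cannot merge into a read-only Subject");
   }
   target.getPrincipals().addAll(source.getPrincipals());
   target.getPublicCredentials().addAll(source.getPublicCredentials());
   target.getPrivateCredentials().addAll(source.getPrivateCredentials());
}
// … unchanged: callers replace the inline addAll block with mergeSubjectInto(subject, currentSubject) …
```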
@@ -119,8 +140,9 @@
          
          if( callerPrincipal != null )
          {
-            if (subject != null)
-               subject.getPrincipals().add(callerPrincipal);
+            Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject();
+            if (currentSubject != null)
+                currentSubject.getPrincipals().add(callerPrincipal);
             Identity principalBasedIdentity = IdentityFactory.getIdentity( callerPrincipal, null );
             currentSC.getSubjectInfo().addIdentity( principalBasedIdentity ); 
          }
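Review bot: `currentSubject.getPrincipals().add(callerPrincipal)` now writes into whatever Subject is already bound to the context even when this CallerPrincipalCallback carried no subject of its own; before the change only the callback's own subject was touched. If that bound subject came from an earlier step or is read-only, the call either throws `IllegalStateException` or silently extends a subject the callback never provided, so guard it as `if (currentSubject != null && !currentSubject.isReadOnly())` and add a comment making the intent explicit, e.g. `// the caller principal is deliberately added to the subject already bound to the context, not only to the callback's own subject`. The enclosing `else if` branch begins before this hunk.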
@@ -136,10 +158,22 @@
          char[] password = passwordValidationCallback.getPassword();
          Subject subject = passwordValidationCallback.getSubject();
          
-         SecurityContextUtil util = currentSC.getUtil();
+//         SecurityContextUtil util = currentSC.getUtil();
          if( subject != null )
          {
-            util.createSubjectInfo( new SimplePrincipal( userName ), password, subject); 
+             // if the current security context already has an associated subject, we merge it with the incoming subject.
+             Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject();
+             if (currentSubject != null) {
+                 subject.getPrincipals().addAll(currentSubject.getPrincipals());
+                 subject.getPublicCredentials().addAll(currentSubject.getPublicCredentials());
+                 subject.getPrivateCredentials().addAll(currentSubject.getPrivateCredentials());
+             }
+             currentSC.getSubjectInfo().setAuthenticatedSubject(subject);
+
+             // add the identity formed by username/pw to the security context.
+             Identity identity = IdentityFactory.getIdentity(new SimplePrincipal(userName), password);
+             currentSC.getSubjectInfo().addIdentity(identity);
+//             util.createSubjectInfo( new SimplePrincipal( userName ), password, subject);
          }  
       }
       else super.handleCallBack(callback);
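Review bot: Two commented-out statements, `// SecurityContextUtil util = currentSC.getUtil();` and `// util.createSubjectInfo( new SimplePrincipal( userName ), password, subject);`, are left in the new code and should be deleted; version control already keeps the old form. More important for security, nothing visible in this hunk validates `password` or calls `passwordValidationCallback.setResult(...)` before the subject and the username/password `Identity` are bound to the context: if validation is done before the handler is reached, say so right above the merge (`// password is assumed to have been validated by the caller; this branch only binds the result`), and if it is not, an unvalidated identity is being attached. Note that the new `IdentityFactory.getIdentity(new SimplePrincipal(userName), password)` keeps the cleartext `char[]` in the context, as the replaced `createSubjectInfo` presumably did; whether that is needed downstream is not visible here. The `PasswordValidationCallback` branch starts before this hunk.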

Modified: trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaas/JASPICallbackHandlerUnitTestCase.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaas/JASPICallbackHandlerUnitTestCase.java	2013-05-06 08:45:36 UTC (rev 419)
+++ trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaas/JASPICallbackHandlerUnitTestCase.java	2013-05-09 18:05:29 UTC (rev 420)
@@ -34,15 +34,13 @@
 import javax.security.auth.message.callback.GroupPrincipalCallback;
 import javax.security.auth.message.callback.PasswordValidationCallback;
 
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextAssociation;
-import org.jboss.security.SecurityContextFactory;
-import org.jboss.security.SimplePrincipal;
+import org.jboss.security.*;
 import org.jboss.security.auth.callback.JASPICallbackHandler;
 import org.jboss.security.identity.Identity;
 import org.jboss.security.identity.RoleGroup;
 import org.jboss.security.identity.extensions.CredentialIdentity;
 import org.jboss.security.identity.plugins.SimpleRole;
+import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
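Review bot: The explicit imports of `SecurityContext`, `SecurityContextAssociation`, `SecurityContextFactory` and `SimplePrincipal` are replaced by the wildcard `import org.jboss.security.*;`; restore the explicit imports (adding whichever new type the test needs) since a wildcard hides which classes the test depends on and can clash with same-named types from the `org.jboss.security.identity.*` imports that follow.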
@@ -72,7 +70,15 @@
    {
       SecurityContextAssociation.setSecurityContext(null);
    }
-   
+
+   @After
+   public void clearSubjectInfo()
+   {
+      SecurityContext context = SecurityContextAssociation.getSecurityContext();
+      context.getUtil().createSubjectInfo(null, null, null);
+   }
+
+
    @Test
    public void testGroupPrincipalCallback() throws Exception
    {   
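Review bot: The new `@After clearSubjectInfo` calls `SecurityContextAssociation.getSecurityContext()` and dereferences the result without a null check; the method just above it sets the association to null, and although that one appears to be the `@AfterClass` hook (its annotation is outside the hunk) and so runs later, any test that clears the association itself would make this hook throw a NullPointerException and mask the real result — `if (context != null) context.getUtil().createSubjectInfo(null, null, null);` avoids that. The commit's purpose is merging with a pre-populated context, yet no test in the visible hunks seeds the context with an existing role or principal and asserts that it survives the callback alongside the new ones; such a test is what would actually pin SECURITY-731/732, and its absence is why the reset hook became necessary.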
@@ -91,7 +97,7 @@
       
       assertEquals( 2, roles.getRoles().size() );
       assertTrue( roles.containsRole( new SimpleRole( "role1" )));
-      assertTrue( roles.containsRole( new SimpleRole( "role2" ))); 
+      assertTrue( roles.containsRole( new SimpleRole( "role2" )));
    } 
    
    @Test


