[jbossws-commits] JBossWS SVN: r14474 - stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication.

jbossws-commits at lists.jboss.org jbossws-commits at lists.jboss.org
Mon Jun 6 12:00:21 EDT 2011


Author: alessio.soldano at jboss.com
Date: 2011-06-06 12:00:20 -0400 (Mon, 06 Jun 2011)
New Revision: 14474

Added:
   stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SecurityActions.java
Modified:
   stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java
Log:
[JBWS-3302][JBWS-3257] Set up the TCCL before attempting digest-based authentication so that PicketBox can see JBWS classes on AS7


Added: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SecurityActions.java
===================================================================
--- stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SecurityActions.java	                        (rev 0)
+++ stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SecurityActions.java	2011-06-06 16:00:20 UTC (rev 14474)
@@ -0,0 +1,82 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.security.authentication;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * 
+ * @author alessio.soldano at jboss.com
+ * @since 22-Feb-2011
+ *
+ */
+class SecurityActions
+{
+   /**
+    * Get context classloader.
+    * 
+    * @return the current context classloader
+    */
+   static ClassLoader getContextClassLoader()
+   {
+      SecurityManager sm = System.getSecurityManager();
+      if (sm == null)
+      {
+         return Thread.currentThread().getContextClassLoader();
+      }
+      else
+      {
+         return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
+            public ClassLoader run()
+            {
+               return Thread.currentThread().getContextClassLoader();
+            }
+         });
+      }
+   }
+   
+   /**
+    * Set context classloader.
+    *
+    * @param classLoader the classloader
+    */
+   static void setContextClassLoader(final ClassLoader classLoader)
+   {
+      if (System.getSecurityManager() == null)
+      {
+         Thread.currentThread().setContextClassLoader(classLoader);
+      }
+      else
+      {
+         AccessController.doPrivileged(new PrivilegedAction<Object>()
+         {
+            public Object run()
+            {
+               Thread.currentThread().setContextClassLoader(classLoader);
+               return null;
+            }
+         });
+      }
+   }
+
+}
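Review bot: The class-level Javadoc on `SecurityActions` is empty, so nothing records why the class and both of its methods are package-private. When a security manager is installed, both methods call `getContextClassLoader()` / `setContextClassLoader(...)` inside `AccessController.doPrivileged`, so any caller that can reach them reads or replaces the TCCL with this class's permissions rather than its own. I would state that contract in the header, e.g. `Privileged accessors for the thread context class loader. Must stay package-private: widening visibility would let less-privileged code read or replace the TCCL.` Minor style point: `getContextClassLoader` keeps the manager in a local `sm` while `setContextClassLoader` calls `System.getSecurityManager()` inline; pick one form.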

Modified: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java
===================================================================
--- stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java	2011-06-06 12:54:39 UTC (rev 14473)
+++ stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java	2011-06-06 16:00:20 UTC (rev 14474)
@@ -23,6 +23,7 @@
 
 import java.security.Principal;
 import java.util.Calendar;
+import java.util.TimeZone;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
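Review bot: The added `import java.util.TimeZone;` is not used by any line this revision adds to SubjectCreator.java, and the pre-existing code could not have referenced the simple name without it, so it looks unused. It is also unrelated to the TCCL change described in the log; drop it here or commit it together with the code that needs it.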
@@ -30,6 +31,8 @@
 import org.apache.cxf.common.security.SimplePrincipal;
 import org.jboss.logging.Logger;
 import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
+import org.jboss.ws.common.utils.DelegateClassLoader;
+import org.jboss.wsf.spi.classloading.ClassLoaderProvider;
 import org.jboss.wsf.spi.security.SecurityDomainContext;
 import org.jboss.wsf.stack.cxf.security.authentication.callback.UsernameTokenCallbackHandler;
 import org.jboss.wsf.stack.cxf.security.nonce.NonceStore;
@@ -84,12 +87,22 @@
 
       try
       {
-         if (ctx.isValid(principal, password, subject) == false)
+         ClassLoader tccl = SecurityActions.getContextClassLoader();
+         //allow PicketBox to see jbossws modules' classes
+         SecurityActions.setContextClassLoader(new DelegateClassLoader(ClassLoaderProvider.getDefaultProvider().getServerIntegrationClassLoader(), tccl));
+         try
          {
-            String msg = "Authentication failed, principal=" + principal.getName();
-            log.error(msg);
-            throw new SecurityException(msg);
+            if (ctx.isValid(principal, password, subject) == false)
+            {
+               String msg = "Authentication failed, principal=" + principal.getName();
+               log.error(msg);
+               throw new SecurityException(msg);
+            }
          }
+         finally
+         {
+            SecurityActions.setContextClassLoader(tccl);
+         }
       }
       finally
       {
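Review bot: The `new DelegateClassLoader(...)` passed to `SecurityActions.setContextClassLoader` is constructed outside any privileged block, although the TCCL read before it and the write around it both go through the `doPrivileged` wrappers. Since it is accepted as a `ClassLoader` argument it is a `ClassLoader` subclass, and constructing one triggers the `createClassLoader` permission check against the whole call stack when a security manager is installed. A less-privileged frame on the stack would therefore raise an `AccessControlException`, which fails closed but is itself a `SecurityException` and so would look to callers like an ordinary authentication failure. If the security-manager case is meant to work, build the loader in a package-private `SecurityActions` helper as sketched below (whether `getServerIntegrationClassLoader()` needs the same treatment cannot be seen from this page). The enclosing method starts and ends outside the hunk.

```java
// SubjectCreator: replace the inline construction
ClassLoader tccl = SecurityActions.getContextClassLoader();
SecurityActions.setContextClassLoader(SecurityActions.createDelegateClassLoader(
      ClassLoaderProvider.getDefaultProvider().getServerIntegrationClassLoader(), tccl));
// … unchanged: inner try with the ctx.isValid check, finally restoring tccl …

// SecurityActions: proposed package-private helper (name is a suggestion)
static ClassLoader createDelegateClassLoader(final ClassLoader integration, final ClassLoader tccl)
{
   if (System.getSecurityManager() == null)
   {
      return new DelegateClassLoader(integration, tccl);
   }
   return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
   {
      public ClassLoader run()
      {
         return new DelegateClassLoader(integration, tccl);
      }
   });
}
```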


