summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorslaws <slaws@13f79535-47bb-0310-9956-ffa450edef68>2009-09-29 10:57:20 +0000
committerslaws <slaws@13f79535-47bb-0310-9956-ffa450edef68>2009-09-29 10:57:20 +0000
commitc873aa270ae11f4c690ecec13fdc597c515c2b15 (patch)
tree4ca372585f21ab807afebca66054d7ca7ac5a95d
parenta80c3fe0efbf184af56e2c07cc3ef28a735ad75e (diff)
Extend basic auth support to match the credentials set in the policy. Not a production solution but useful for demonstrating how policy can be used.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@819883 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--branches/sca-java-1.x/itest/policy-security-basicauth/src/main/resources/definitions.xml4
-rw-r--r--branches/sca-java-1.x/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/configurator/Axis2BindingBasicAuthenticationConfigurator.java14
-rw-r--r--branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java42
3 files changed, 43 insertions, 17 deletions
diff --git a/branches/sca-java-1.x/itest/policy-security-basicauth/src/main/resources/definitions.xml b/branches/sca-java-1.x/itest/policy-security-basicauth/src/main/resources/definitions.xml
index dbdf0cd263..455ca2f917 100644
--- a/branches/sca-java-1.x/itest/policy-security-basicauth/src/main/resources/definitions.xml
+++ b/branches/sca-java-1.x/itest/policy-security-basicauth/src/main/resources/definitions.xml
@@ -31,6 +31,10 @@
<tuscany:userName>myname</tuscany:userName>
<tuscany:password>mypassword</tuscany:password>
</tuscany:basicAuthentication>
+ <tuscany:basicAuthentication>
+ <tuscany:userName>myname1</tuscany:userName>
+ <tuscany:password>mypassword1</tuscany:password>
+ </tuscany:basicAuthentication>
</sca:policySet>
<sca:policySet name="ImplementationIdentityPolicySet"
diff --git a/branches/sca-java-1.x/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/configurator/Axis2BindingBasicAuthenticationConfigurator.java b/branches/sca-java-1.x/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/configurator/Axis2BindingBasicAuthenticationConfigurator.java
index 4c18c89353..0f73320c47 100644
--- a/branches/sca-java-1.x/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/configurator/Axis2BindingBasicAuthenticationConfigurator.java
+++ b/branches/sca-java-1.x/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/configurator/Axis2BindingBasicAuthenticationConfigurator.java
@@ -104,8 +104,18 @@ public class Axis2BindingBasicAuthenticationConfigurator {
// get the security context
Subject subject = SecurityUtil.getSubject(msg);
- BasicAuthenticationPrincipal principal = new BasicAuthenticationPrincipal(username,
- password);
+ BasicAuthenticationPrincipal principal = null;
+ try {
+ principal = new BasicAuthenticationPrincipal(username,
+ password);
+ } catch (Exception ex) {
+ // null test will throw a suitable exceptions
+ }
+
+ if (principal == null){
+ throw new ServiceRuntimeException("User credentials for authentication expected");
+ }
+
subject.getPrincipals().add(principal);
}
}
diff --git a/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java b/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java
index e783d77c97..c1fab9efe4 100644
--- a/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java
+++ b/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java
@@ -27,6 +27,7 @@ import org.apache.tuscany.sca.invocation.Invoker;
import org.apache.tuscany.sca.invocation.Message;
import org.apache.tuscany.sca.policy.PolicySet;
import org.apache.tuscany.sca.policy.SecurityUtil;
+import org.osoa.sca.ServiceRuntimeException;
/**
@@ -51,14 +52,7 @@ public class BasicAuthenticationServicePolicyInterceptor implements Interceptor
}
private void init() {
- if (policySet != null) {
- for (Object policyObject : policySet.getPolicies()){
- if (policyObject instanceof BasicAuthenticationPolicy){
- policy = (BasicAuthenticationPolicy)policyObject;
- break;
- }
- }
- }
+
}
public Message invoke(Message msg) {
@@ -66,17 +60,35 @@ public class BasicAuthenticationServicePolicyInterceptor implements Interceptor
Subject subject = SecurityUtil.getSubject(msg);
BasicAuthenticationPrincipal principal = SecurityUtil.getPrincipal(subject,
BasicAuthenticationPrincipal.class);
-
+ boolean authenticated = false;
+
if (principal != null){
- System.out.println("Username: " +
- principal.getName() +
- " Password: " +
- principal.getPassword());
+ System.out.println("Authenticating user: " +
+ principal.getName());
// could call out here to some 3rd party system to do whatever you
- // need to do do with username and password
-
+ // need to do do with username and password. For this very simple
+ // interceptor just check that the credentials match crendentials in
+ // the policy
+
+ if (policySet != null) {
+ for (Object policyObject : policySet.getPolicies()){
+ if (policyObject instanceof BasicAuthenticationPolicy){
+ BasicAuthenticationPolicy policy = (BasicAuthenticationPolicy)policyObject;
+
+ if (policy.getUserName().equals(principal.getName())){
+ if (policy.getPassword().equals(principal.getPassword())){
+ authenticated = true;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ if (authenticated == false){
+ throw new ServiceRuntimeException("User: " + principal.getName() + " cannot be authenticated");
}
return getNext().invoke(msg);