Charles Moulliard created CAMEL-5952:
----------------------------------------

             Summary: Even if we retrieve a javax.security.auth.Subject from 
Exchange message, the authentication fails
                 Key: CAMEL-5952
                 URL: https://issues.apache.org/jira/browse/CAMEL-5952
             Project: Camel
          Issue Type: Bug
    Affects Versions: 2.11.0
         Environment: camel-spring-security
            Reporter: Charles Moulliard
         Attachments: Screen Shot 2013-01-10 at 18.20.48.png

When we would like to authenticate a user using camel-spring-security & 
camel-cxf, we get the following message even if we have been able to retrieve a 
Subject from CamelExchange (see screenshot).

{code}
Class SpringSecurityPolicyAutorization

    ...

    protected Authentication getAuthentication(Message message) {

        Subject subject = message.getHeader(Exchange.AUTHENTICATION, 
Subject.class); // NOT NULL - SEE SCREENSHOT

        Authentication answer = null;
        if (subject != null) {
            answer = getAuthenticationAdapter().toAuthentication(subject);
        }
        
        // ANSWER IS NULL as the following code return null in     
DefaultAuthenticationAdapter

    public Authentication toAuthentication(Subject subject) {
        if (subject == null || subject.getPrincipals().size() == 0) {
            return null;
        }
        Set<Authentication> authentications  = 
subject.getPrincipals(Authentication.class);
        
        // IN OUR CASE, the Set size is equal to zero
        if (authentications.size() > 0) {
            // just return the first one 
            return authentications.iterator().next();
        } else {
            return convertToAuthentication(subject);
        }
    }

    /**
     * You can add the customer convert code here
     */
    protected Authentication convertToAuthentication(Subject subject) {
        return null;        
    }
{code}

Camel Route Config
{code}
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans";
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
       xmlns:cxf="http://camel.apache.org/schema/cxf";
       xmlns:spring-security="http://www.springframework.org/schema/security";
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans
                  http://www.springframework.org/schema/beans/spring-beans.xsd
            http://www.springframework.org/schema/security
              http://www.springframework.org/schema/security/spring-security.xsd
                http://camel.apache.org/schema/spring
                  http://camel.apache.org/schema/spring/camel-spring.xsd
                http://camel.apache.org/schema/spring-security
                   
http://camel.apache.org/schema/spring-security/camel-spring-security.xsd
                http://camel.apache.org/schema/cxf
                  http://camel.apache.org/schema/cxf/camel-cxf.xsd";>

    <bean id="accessDecisionManager" 
class="org.springframework.security.access.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions" value="true"/>
        <property name="decisionVoters">
            <list>
                <bean 
class="org.springframework.security.access.vote.RoleVoter"/>
            </list>
        </property>
    </bean>

    <spring-security:authentication-manager alias="authenticationManager">
        <spring-security:authentication-provider 
user-service-ref="userDetailsService"/>
    </spring-security:authentication-manager>

    <spring-security:user-service id="userDetailsService">
        <spring-security:user name="jim" password="jimspassword" 
authorities="ROLE_USER, ROLE_ADMIN"/>
        <spring-security:user name="charles" password="charlespassword" 
authorities="ROLE_USER, ROLE_ADMIN"/>
        <spring-security:user name="bob" password="bobspassword" 
authorities="ROLE_USER"/>
    </spring-security:user-service>

    <authorizationPolicy id="admin" access="ROLE_ADMIN"
                         authenticationManager="authenticationManager"
                         accessDecisionManager="accessDecisionManager"
                         
xmlns="http://camel.apache.org/schema/spring-security"/>

    <cxf:cxfEndpoint id="WS"
                     address="http://localhost:9090/training/WebService";
                     serviceClass="com.fusesource.training.CustomerService">
        <cxf:outInterceptors>
            <ref bean="loggingOutInterceptor"/>
        </cxf:outInterceptors>
        <cxf:inInterceptors>
            <ref bean="loggingInInterceptor"/>
            <ref bean="wss4jInInterceptor"/>
        </cxf:inInterceptors>
    </cxf:cxfEndpoint>

    <bean id="loggingOutInterceptor" 
class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
    <bean id="loggingInInterceptor" 
class="org.apache.cxf.interceptor.LoggingInInterceptor"/>

    <bean id="wss4jInInterceptor" 
class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="UsernameToken Timestamp"/>
                <entry key="passwordType" value="PasswordDigest"/>
                <entry key="passwordCallbackClass" 
value="com.fusesource.training.camel.UTPasswordCallback"/>
            </map>
        </constructor-arg>
    </bean>

    <camelContext trace="false" xmlns="http://camel.apache.org/schema/spring";>
        <route id="cxf-to-client">
            <from uri="cxf:bean:WS"/>
            <policy ref="admin">
               <log message=">>> SOAP Action : ${in.header.SOAPAction}"/>
            </policy>
        </route>
    </camelContext>


</beans>
{code}



--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to