Charles Moulliard created CAMEL-5952:
----------------------------------------
Summary: Even if we retrieve a javax.security.auth.Subject from
Exchange message, the authentication fails
Key: CAMEL-5952
URL: https://issues.apache.org/jira/browse/CAMEL-5952
Project: Camel
Issue Type: Bug
Affects Versions: 2.11.0
Environment: camel-spring-security
Reporter: Charles Moulliard
Attachments: Screen Shot 2013-01-10 at 18.20.48.png
When we would like to authenticate a user using camel-spring-security &
camel-cxf, we get the following message even if we have been able to retrieve a
Subject from CamelExchange (see screenshot).
{code}
Class SpringSecurityPolicyAutorization
...
protected Authentication getAuthentication(Message message) {
Subject subject = message.getHeader(Exchange.AUTHENTICATION,
Subject.class); // NOT NULL - SEE SCREENSHOT
Authentication answer = null;
if (subject != null) {
answer = getAuthenticationAdapter().toAuthentication(subject);
}
// ANSWER IS NULL as the following code return null in
DefaultAuthenticationAdapter
public Authentication toAuthentication(Subject subject) {
if (subject == null || subject.getPrincipals().size() == 0) {
return null;
}
Set<Authentication> authentications =
subject.getPrincipals(Authentication.class);
// IN OUR CASE, the Set size is equal to zero
if (authentications.size() > 0) {
// just return the first one
return authentications.iterator().next();
} else {
return convertToAuthentication(subject);
}
}
/**
* You can add the customer convert code here
*/
protected Authentication convertToAuthentication(Subject subject) {
return null;
}
{code}
Camel Route Config
{code}
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cxf="http://camel.apache.org/schema/cxf"
xmlns:spring-security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://camel.apache.org/schema/spring
http://camel.apache.org/schema/spring/camel-spring.xsd
http://camel.apache.org/schema/spring-security
http://camel.apache.org/schema/spring-security/camel-spring-security.xsd
http://camel.apache.org/schema/cxf
http://camel.apache.org/schema/cxf/camel-cxf.xsd">
<bean id="accessDecisionManager"
class="org.springframework.security.access.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="true"/>
<property name="decisionVoters">
<list>
<bean
class="org.springframework.security.access.vote.RoleVoter"/>
</list>
</property>
</bean>
<spring-security:authentication-manager alias="authenticationManager">
<spring-security:authentication-provider
user-service-ref="userDetailsService"/>
</spring-security:authentication-manager>
<spring-security:user-service id="userDetailsService">
<spring-security:user name="jim" password="jimspassword"
authorities="ROLE_USER, ROLE_ADMIN"/>
<spring-security:user name="charles" password="charlespassword"
authorities="ROLE_USER, ROLE_ADMIN"/>
<spring-security:user name="bob" password="bobspassword"
authorities="ROLE_USER"/>
</spring-security:user-service>
<authorizationPolicy id="admin" access="ROLE_ADMIN"
authenticationManager="authenticationManager"
accessDecisionManager="accessDecisionManager"
xmlns="http://camel.apache.org/schema/spring-security"/>
<cxf:cxfEndpoint id="WS"
address="http://localhost:9090/training/WebService"
serviceClass="com.fusesource.training.CustomerService">
<cxf:outInterceptors>
<ref bean="loggingOutInterceptor"/>
</cxf:outInterceptors>
<cxf:inInterceptors>
<ref bean="loggingInInterceptor"/>
<ref bean="wss4jInInterceptor"/>
</cxf:inInterceptors>
</cxf:cxfEndpoint>
<bean id="loggingOutInterceptor"
class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
<bean id="loggingInInterceptor"
class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
<bean id="wss4jInInterceptor"
class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken Timestamp"/>
<entry key="passwordType" value="PasswordDigest"/>
<entry key="passwordCallbackClass"
value="com.fusesource.training.camel.UTPasswordCallback"/>
</map>
</constructor-arg>
</bean>
<camelContext trace="false" xmlns="http://camel.apache.org/schema/spring">
<route id="cxf-to-client">
<from uri="cxf:bean:WS"/>
<policy ref="admin">
<log message=">>> SOAP Action : ${in.header.SOAPAction}"/>
</policy>
</route>
</camelContext>
</beans>
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira