WebServiceContext.getUserPrincipal() is null for incoming SAML Token or 
transformed token
-----------------------------------------------------------------------------------------

                 Key: CXF-3521
                 URL: https://issues.apache.org/jira/browse/CXF-3521
             Project: CXF
          Issue Type: Improvement
          Components: WS-* Components
    Affects Versions: 2.4
            Reporter: Oliver Wulff


If my service provider receives a SAML token or a BinarySecurityToken (will be 
transformed) I can't read the principal using the JAX-WS WebServiceContext.

example:

...
    @Resource
    WebServiceContext wsContext;

    public java.math.BigInteger doubleIt(java.math.BigInteger numberToDouble) {
        Principal pr = wsContext.getUserPrincipal();
...

The method getUserPrincipal() returns null.

I see two ways to fix this.

1) Pass the principal to the constructor of WSSecurityEngineResult in the 
processor of WSS4J

ex.
        if (assertion.isSigned()) {
            result = new WSSecurityEngineResult(WSConstants.ST_SIGNED, assertion);
        } else {
            result = new WSSecurityEngineResult(WSConstants.ST_UNSIGNED, assertion);
        }

similar for BinarySecurityTokenProcessor.

This allows the CXF WSS4JInInterceptor to read the principal like this:
final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);

2) Extend the WSS4JInInterceptor to parse the SAMLToken (or the transformed 
token, if available), read the subject and create the CXF SecurityContext.


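Option 2 from the report, as an added example (not code from the report or from CXF/WSS4J): an in-interceptor that runs after WSS4JInInterceptor, reads the SAML 2.0 subject from the WSS4J results and publishes a CXF SecurityContext for WebServiceContext.getUserPrincipal(). The class name SamlPrincipalInInterceptor, the signed-only rule and the CXF 2.4 / WSS4J 1.6 API usage are assumptions; SAML 1.1 assertions and transformed tokens are not handled.

```java
import java.security.Principal;
import java.util.List;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.SecurityContext;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.opensaml.saml2.core.Subject;

// Hypothetical class; add it to the endpoint's in-interceptors next to WSS4JInInterceptor.
public class SamlPrincipalInInterceptor extends AbstractPhaseInterceptor<Message> {
    public SamlPrincipalInInterceptor() {
        super(Phase.PRE_INVOKE); // after WSS4JInInterceptor (PRE_PROTOCOL) has run
    }

    @SuppressWarnings("unchecked")
    public void handleMessage(Message msg) throws Fault {
        List<WSHandlerResult> all = (List<WSHandlerResult>) msg.get(WSHandlerConstants.RECV_RESULTS);
        if (all == null) return; // no WS-Security processing happened on this message
        for (WSHandlerResult hr : all) {
            for (WSSecurityEngineResult r : hr.getResults()) {
                Object o = r.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
                // Assumed policy for this example: only a signed assertion yields a principal.
                if (!(o instanceof AssertionWrapper) || !((AssertionWrapper) o).isSigned()) continue;
                final String name = subjectName((AssertionWrapper) o);
                if (name == null) continue;
                final Principal p = new Principal() {
                    public String getName() { return name; }
                };
                msg.put(SecurityContext.class, new SecurityContext() {
                    public Principal getUserPrincipal() { return p; }
                    public boolean isUserInRole(String role) { return false; } // no role mapping here
                });
                return; // first usable assertion wins
            }
        }
    }

    // SAML 2.0 only; returns null when the assertion carries no plain NameID.
    static String subjectName(AssertionWrapper a) {
        if (a.getSaml2() == null) return null;
        Subject s = a.getSaml2().getSubject();
        return (s == null || s.getNameID() == null) ? null : s.getNameID().getValue();
    }
}
```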