[
https://issues.apache.org/jira/browse/CXF-3521?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oliver Wulff updated CXF-3521:
------------------------------
Attachment: DoubleItImpl.java
I've attached a new version for the SamlTokenTest which verifies the
UsernamePrinciple.
> WebServiceContext.getUserPrincipal() is null for incoming SAML Token or
> transformed token
> -----------------------------------------------------------------------------------------
>
> Key: CXF-3521
> URL: https://issues.apache.org/jira/browse/CXF-3521
> Project: CXF
> Issue Type: Improvement
> Components: WS-* Components
> Affects Versions: 2.4
> Reporter: Oliver Wulff
> Attachments: DoubleItImpl.java
>
>
> If my service provider receives a SAML token or a BinarySecurityToken (will
> be transformed) I can't read the principle using the JAX-WS WebServiceContext.
> example:
> ...
> @Resource
> WebServiceContext wsContext;
> public java.math.BigInteger doubleIt(java.math.BigInteger numberToDouble)
> {
> Principal pr = wsContext.getUserPrincipal();
> ...
> The method getUserPrincipal() returns null.
> I see two ways to fix this.
> 1) Pass the principal to the constructor of WSSecurityEngineResult in the
> processor of WSS4J
> ex.
> if (assertion.isSigned()) {
> result = new WSSecurityEngineResult(WSConstants.ST_SIGNED,
> assertion);
> } else {
> result = new WSSecurityEngineResult(WSConstants.ST_UNSIGNED,
> assertion);
> }
> similar for BinarySecurityTokenProcessor.
> This allows the CXF WSS4JInInterceptor to read the principal like this:
> final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
> 2) Extend the WSS4JInInterceptor to parse the SAMLToken (or the transformed
> if available), read the subject and create the CXF SecurityContext.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
