Bugzilla – Bug 5499
UsernameAuthorization not returning username as subject
Last modified: 2008-01-16 16:36:44
In testing the UsernameAuthentication for the Univa Bootstrap Service, we found that the UsernameAuthorization class was using the first Principal it found in the web service message, so the subject was coming back as Proxy subject or <anonymous> instead of the username specified in the security headers. Sam Meder coded the following changes that correct the issue: *** C:\univa_globus_2_2_0_0_int\gt_405\wsrf\java\core\source\src\org\globus\wsrf\impl\security\authorization\UsernameAuthorization.java Tue Jul 24 15:50:52 2007 UTC --- C:\univa_globus_2_2_0_0_int\uge\wsrf\java\core\source\src\org\globus\wsrf\impl\security\authorization\UsernameAuthorization.java Thu Aug 23 16:26:33 2007 UTC *************** *** 10,44 **** */ package org.globus.wsrf.impl.security.authorization; import javax.security.auth.Subject; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; - import javax.xml.namespace.QName; import javax.xml.rpc.handler.MessageContext; import org.w3c.dom.Node; ! import org.globus.wsrf.security.authorization.PDP; ! import org.globus.wsrf.security.authorization.PDPConfig; - import org.globus.wsrf.impl.security.authorization.exceptions.CloseException; import org.globus.wsrf.impl.security.authorization.exceptions.InitializeException; import org.globus.wsrf.impl.security.authorization.exceptions.InvalidPolicyException; ! import org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationException; - - import org.globus.gsi.jaas.PasswordCredential; - - import javax.security.auth.callback.NameCallback; - import javax.security.auth.callback.PasswordCallback; - import javax.security.auth.callback.Callback; - import javax.security.auth.callback.CallbackHandler; - import javax.security.auth.callback.UnsupportedCallbackException; - ! 
import java.security.Principal; - - import java.util.Set; - import java.io.IOException; /** * Uses Java Login module to authorize based on user name and password --- 10,41 ---- */ package org.globus.wsrf.impl.security.authorization; + import java.io.IOException; + import java.security.Principal; + import java.util.Iterator; + import java.util.Set; + import javax.security.auth.Subject; + import javax.security.auth.callback.Callback; + import javax.security.auth.callback.CallbackHandler; + import javax.security.auth.callback.NameCallback; + import javax.security.auth.callback.PasswordCallback; + import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import javax.xml.namespace.QName; import javax.xml.rpc.handler.MessageContext; import org.w3c.dom.Node; ! import org.globus.gsi.jaas.PasswordCredential; ! import org.globus.gsi.jaas.UserNamePrincipal; + import org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationException; import org.globus.wsrf.impl.security.authorization.exceptions.CloseException; import org.globus.wsrf.impl.security.authorization.exceptions.InitializeException; import org.globus.wsrf.impl.security.authorization.exceptions.InvalidPolicyException; ! import org.globus.wsrf.security.authorization.PDP; ! import org.globus.wsrf.security.authorization.PDPConfig; /** * Uses Java Login module to authorize based on user name and password *************** *** 99,106 **** if ((principals == null) || principals.isEmpty()) { this.userName = null; } else { ! this.userName = ! ((Principal) principals.iterator().next()).getName(); } Set privateCreds = peerSubject.getPrivateCredentials(PasswordCredential.class); --- 96,108 ---- if ((principals == null) || principals.isEmpty()) { this.userName = null; } else { + Iterator iterator = principals.iterator(); + while(iterator.hasNext()) { + Principal principal = (Principal) iterator.next(); ! 
if(principal instanceof UserNamePrincipal) { ! this.userName = principal.getName(); + } + } } Set privateCreds = peerSubject.getPrivateCredentials(PasswordCredential.class);
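Review bot: When the subject carries principals but none of them is a `UserNamePrincipal`, the new else branch never assigns `this.userName`, so the field keeps whatever it held before, whereas the empty-set branch resets it to null. Adding `this.userName = null;` before the loop would keep a request authenticated by some other mechanism from being evaluated under a name left over from an earlier call; whether this instance is reused across requests is not visible here. The loop also has no `break;` after the assignment, so if the set holds more than one `UserNamePrincipal` the last one iterated wins, and iteration order of a `Set` is not guaranteed; stop at the first match or treat multiple matches as an error. The enclosing method starts and ends outside the hunk.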
Fix committed to globus_4_0_branch. Should be a part of the next point release. Thanks for the patch.