Bug 5499 - UsernameAuthorization not returning username as subject
: UsernameAuthorization not returning username as subject
Status: RESOLVED FIXED
: Java WS Security
Authorization
: 4.0.5
: All All
: P3 normal
: 4.0.6
Assigned To:
Reported: 2007-08-23 13:56 by
Modified: 2008-01-16 16:36 (History)




Description From 2007-08-23 13:56:58
In testing the UsernameAuthentication for the Univa Bootstrap Service, we found
that the UsernameAuthorization class was using the first Principal it found in
the web service message, so the subject was coming back as Proxy subject or
<anonymous> instead of the username specified in the security headers.

Sam Meder coded the following changes that correct the issue:

***
C:\univa_globus_2_2_0_0_int\gt_405\wsrf\java\core\source\src\org\globus\wsrf\impl\security\authorization\UsernameAuthorization.java
   Tue Jul 24 15:50:52 2007 UTC
---
C:\univa_globus_2_2_0_0_int\uge\wsrf\java\core\source\src\org\globus\wsrf\impl\security\authorization\UsernameAuthorization.java
   Thu Aug 23 16:26:33 2007 UTC
***************
*** 10,44 ****
   */
  package org.globus.wsrf.impl.security.authorization;

  import javax.security.auth.Subject;
  import javax.security.auth.login.LoginContext;
  import javax.security.auth.login.LoginException;
- 
  import javax.xml.namespace.QName;
  import javax.xml.rpc.handler.MessageContext;

  import org.w3c.dom.Node;

! import org.globus.wsrf.security.authorization.PDP;
! import org.globus.wsrf.security.authorization.PDPConfig;
- 
  import org.globus.wsrf.impl.security.authorization.exceptions.CloseException;
  import
org.globus.wsrf.impl.security.authorization.exceptions.InitializeException;
  import
org.globus.wsrf.impl.security.authorization.exceptions.InvalidPolicyException;
! import
org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationException;
- 
- import org.globus.gsi.jaas.PasswordCredential;
- 
- import javax.security.auth.callback.NameCallback;
- import javax.security.auth.callback.PasswordCallback;
- import javax.security.auth.callback.Callback;
- import javax.security.auth.callback.CallbackHandler;
- import javax.security.auth.callback.UnsupportedCallbackException;
- 
! import java.security.Principal;
- 
- import java.util.Set;
- import java.io.IOException;

  /**
   * Uses Java Login module to authorize based on user name and password
--- 10,41 ----
   */
  package org.globus.wsrf.impl.security.authorization;

+ import java.io.IOException;
+ import java.security.Principal;
+ import java.util.Iterator;
+ import java.util.Set;
+ 
  import javax.security.auth.Subject;
+ import javax.security.auth.callback.Callback;
+ import javax.security.auth.callback.CallbackHandler;
+ import javax.security.auth.callback.NameCallback;
+ import javax.security.auth.callback.PasswordCallback;
+ import javax.security.auth.callback.UnsupportedCallbackException;
  import javax.security.auth.login.LoginContext;
  import javax.security.auth.login.LoginException;
  import javax.xml.namespace.QName;
  import javax.xml.rpc.handler.MessageContext;

  import org.w3c.dom.Node;

! import org.globus.gsi.jaas.PasswordCredential;
! import org.globus.gsi.jaas.UserNamePrincipal;
+ import
org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationException;
  import org.globus.wsrf.impl.security.authorization.exceptions.CloseException;
  import
org.globus.wsrf.impl.security.authorization.exceptions.InitializeException;
  import
org.globus.wsrf.impl.security.authorization.exceptions.InvalidPolicyException;
! import org.globus.wsrf.security.authorization.PDP;
! import org.globus.wsrf.security.authorization.PDPConfig;

  /**
   * Uses Java Login module to authorize based on user name and password
***************
*** 99,106 ****
          if ((principals == null) || principals.isEmpty()) {
              this.userName = null;
          } else {
!             this.userName = 
!                 ((Principal) principals.iterator().next()).getName();
          }
          Set privateCreds = 
              peerSubject.getPrivateCredentials(PasswordCredential.class);
--- 96,108 ----
          if ((principals == null) || principals.isEmpty()) {
              this.userName = null;
          } else {
+             Iterator iterator = principals.iterator();
+             while(iterator.hasNext()) {
+                 Principal principal = (Principal) iterator.next();
!                 if(principal instanceof UserNamePrincipal) {
!                     this.userName = principal.getName();
+                 }
+             }
          }
          Set privateCreds =
              peerSubject.getPrivateCredentials(PasswordCredential.class);
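Review bot: In the new `else` branch `this.userName` is never cleared, so when the principal set is non-empty but holds no `UserNamePrincipal` the field keeps whatever value it had before this call, whereas the empty-set branch sets it to `null`. If this PDP instance is reused across requests (not visible in the hunk), an authorization decision could then be made against a stale username; add `this.userName = null;` before the `while` loop. The loop also has no `break;` after the assignment, so with more than one `UserNamePrincipal` the last one in the Set's unspecified iteration order wins; either `break;` on the first match or treat the ambiguous case as a failure. The enclosing method starts and ends outside the hunk.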
------- Comment #1 From 2007-08-23 18:42:00 -------
Fix committed to globus_4_0_branch. Should be a part of the next point release.

Thanks for the patch.