  1. CXF
  2. CXF-3521

WebServiceContext.getUserPrincipal() is null for incoming SAML Token or transformed token


Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.4
    • 2.4.1
    • WS-* Components
    • None
    • Blocked on External

    Description

      If my service provider receives a SAML token or a BinarySecurityToken (will be transformed) I can't read the principal using the JAX-WS WebServiceContext.

      example:

      ...
      @Resource
      WebServiceContext wsContext;

      public java.math.BigInteger doubleIt(java.math.BigInteger numberToDouble) {
          Principal pr = wsContext.getUserPrincipal();
      ...

      The method getUserPrincipal() returns null.

      I see two ways to fix this.

      1) Pass the principal to the constructor of WSSecurityEngineResult in the processor of WSS4J

      ex.
      if (assertion.isSigned()) {
          result = new WSSecurityEngineResult(WSConstants.ST_SIGNED, assertion);
      } else {
          result = new WSSecurityEngineResult(WSConstants.ST_UNSIGNED, assertion);
      }

      similar for BinarySecurityTokenProcessor.

      This allows the CXF WSS4JInInterceptor to read the principal like this:
      final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);

      2) Extend the WSS4JInInterceptor to parse the SAMLToken (or the transformed if available), read the subject and create the CXF SecurityContext.
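
The core of option 2, reading the subject out of the received assertion and exposing it as a java.security.Principal, sketched as an added example that is not code from this issue, CXF or WSS4J. It uses only JDK classes, handles SAML 2.0 only, and assumes the assertion's signature was already validated upstream; the class name, helper names and sample assertion are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class SamlSubjectPrincipal {
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Returns the assertion's Subject/NameID as a Principal, or null if there is none.
    static Principal fromAssertion(byte[] xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The token arrives from the network: refuse DTDs so XXE and entity expansion cannot occur.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Element root = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml)).getDocumentElement();
        if (!SAML2_NS.equals(root.getNamespaceURI()) || !"Assertion".equals(root.getLocalName())) return null;
        // Walk direct children only: a document-wide search for NameID could return the
        // NameID nested in SubjectConfirmation, which names the confirming party, not the user.
        Element subject = child(root, "Subject");
        Element nameId = subject == null ? null : child(subject, "NameID");
        final String name = nameId == null ? "" : nameId.getTextContent().trim();
        if (name.isEmpty()) return null; // fail closed: no identity rather than a guessed one
        return new Principal() { public String getName() { return name; } };
    }

    static Element child(Element parent, String localName) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element && SAML2_NS.equals(n.getNamespaceURI())
                    && localName.equals(n.getLocalName())) {
                return (Element) n;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample assertion (unsigned, for illustration only).
        String xml = "<saml2:Assertion xmlns:saml2=\"" + SAML2_NS + "\" ID=\"_a1\" Version=\"2.0\">"
            + "<saml2:Issuer>sts.example</saml2:Issuer>"
            + "<saml2:Subject><saml2:NameID>alice</saml2:NameID></saml2:Subject>"
            + "</saml2:Assertion>";
        Principal p = fromAssertion(xml.getBytes(StandardCharsets.UTF_8));
        if (p == null) throw new SecurityException("no authenticated principal");
        System.out.println(p.getName());
    }
}
```

Service code that makes authorization decisions on getUserPrincipal() should treat a null result the same way main does here, rejecting the call rather than continuing as an anonymous caller.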

      Attachments

        1. DoubleItImpl.java
          2 kB
          Oliver Wulff

            People

              coheigea Colm O hEigeartaigh
              owulff Oliver Wulff