
Example 1 with Base64Exception

use of org.apache.cxf.common.util.Base64Exception in project midpoint by Evolveum.

the class MidpointRestAuthenticationHandler method filter.

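/**
 * Authenticates an incoming REST request from its {@code Authorization} data.
 *
 * <p>When the current message already carries an {@link AuthorizationPolicy}, the request is
 * handed to {@code passwordAuthenticator}. Otherwise the raw {@code Authorization} header is
 * parsed here and only the security-questions scheme is accepted: the bare scheme name is
 * answered with the username challenge, and the scheme followed by exactly one Base64 token is
 * decoded and handed to {@code securityQuestionAuthenticator}. Any other header shape is
 * rejected through {@code RestServiceUtil.createAbortMessage}.
 *
 * @param requestCtx the request being filtered
 * @throws IOException declared by the overridden filter method
 */
@Override
public void filter(ContainerRequestContext requestCtx) throws IOException {
    Message m = JAXRSUtils.getCurrentMessage();
    AuthorizationPolicy policy = (AuthorizationPolicy) m.get(AuthorizationPolicy.class);
    if (policy != null) {
        passwordAuthenticator.handleRequest(policy, m, requestCtx);
        return;
    }

    String authorization = requestCtx.getHeaderString("Authorization");
    if (StringUtils.isBlank(authorization)) {
        RestServiceUtil.createAbortMessage(requestCtx);
        return;
    }

    String[] parts = authorization.split(" ");
    String authenticationType = parts[0];
    // NOTE(review): this compares the RestAuthenticationMethod constant with a String, so it
    // depends on RestAuthenticationMethod offering an equals(String) overload. If only
    // Object.equals applies, the result is always false and every request is rejected below;
    // confirm against RestAuthenticationMethod.
    boolean securityQuestions = RestAuthenticationMethod.SECURITY_QUESTIONS.equals(authenticationType);

    if (parts.length == 1 && securityQuestions) {
        // Scheme name without a token: reply with the username challenge.
        RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, "{\"user\" : \"username\"}");
        return;
    }
    if (parts.length != 2 || !securityQuestions) {
        // Fail closed on anything that is not "<scheme> <token>" for the security-questions scheme.
        RestServiceUtil.createAbortMessage(requestCtx);
        return;
    }

    try {
        // Decode with an explicit charset: new String(byte[]) alone uses the platform default,
        // which would make credential parsing depend on how the JVM is configured.
        String decodedCredentials = new String(
                Base64Utility.decode(parts[1]), java.nio.charset.StandardCharsets.UTF_8);
        // The guard above guarantees the security-questions scheme, so the policy is always built.
        policy = new AuthorizationPolicy();
        policy.setAuthorizationType(RestAuthenticationMethod.SECURITY_QUESTIONS.getMethod());
        policy.setAuthorization(decodedCredentials);
        securityQuestionAuthenticator.handleRequest(policy, m, requestCtx);
    } catch (Base64Exception e) {
        // A token that is not valid Base64 restarts the exchange with the username challenge.
        RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, "{\"user\" : \"username\"}");
    }
}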
Also used : AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy) Message(org.apache.cxf.message.Message) Base64Exception(org.apache.cxf.common.util.Base64Exception)

Example 2 with Base64Exception

use of org.apache.cxf.common.util.Base64Exception in project tesb-rt-se by Talend.

the class SecurityContextFilter method filter.

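/**
 * Sets the security context for a request, either from a principal already present on the
 * message or from HTTP Basic credentials in the {@code Authorization} header.
 *
 * <p>If the message carries a {@link SecurityContext} with a principal, that principal's name is
 * looked up as an account name and then as an alias. Otherwise exactly one
 * {@code Authorization: Basic <base64>} header is required, and its decoded
 * {@code user:password} pair is checked against the account store. Every failure aborts the
 * request with the same fault response, so the reply does not reveal which check failed.
 *
 * @param requestContext the request being filtered; aborted when authentication fails
 * @throws IOException declared by the overridden filter method
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    Message message = JAXRSUtils.getCurrentMessage();
    SecurityContext sc = message.get(SecurityContext.class);
    if (sc != null) {
        Principal principal = sc.getUserPrincipal();
        if (principal != null) {
            // A principal is already attached: only map it to a known account (name, then alias).
            String accountName = principal.getName();
            UserAccount account = accounts.getAccount(accountName);
            if (account == null) {
                account = accounts.getAccountWithAlias(accountName);
            }
            if (account == null) {
                requestContext.abortWith(createFaultResponse());
            } else {
                setNewSecurityContext(message, account.getName());
            }
            return;
        }
    }

    List<String> authValues = headers.getRequestHeader("Authorization");
    if (authValues == null || authValues.size() != 1) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    String[] values = authValues.get(0).split(" ");
    if (values.length != 2 || !"Basic".equals(values[0])) {
        requestContext.abortWith(createFaultResponse());
        return;
    }

    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    String decodedValue;
    try {
        // Explicit charset: new String(byte[]) alone depends on the platform default.
        decodedValue = new String(Base64Utility.decode(values[1]), utf8);
    } catch (Base64Exception ex) {
        requestContext.abortWith(createFaultResponse());
        return;
    }

    // Split on the first colon only. A Basic password may itself contain ':', and an unlimited
    // split would both reject such passwords and silently drop trailing colons from the input.
    // Empty passwords stay rejected, as they were with the unlimited split.
    String[] namePassword = decodedValue.split(":", 2);
    if (namePassword.length != 2 || namePassword[1].isEmpty()) {
        requestContext.abortWith(createFaultResponse());
        return;
    }

    final UserAccount account = accounts.getAccount(namePassword[0]);
    // NOTE(review): assumes UserAccount.getPassword() returns the stored password as a String;
    // confirm. Comparing against the stored value also means the account store keeps passwords
    // in recoverable form; outside sample code a salted password hash is the safer design.
    String storedPassword = (account == null) ? null : account.getPassword();
    // MessageDigest.isEqual avoids the early exit of String.equals, so the comparison time does
    // not depend on how many leading characters of the guess are correct.
    if (storedPassword == null
            || !java.security.MessageDigest.isEqual(
                    storedPassword.getBytes(utf8), namePassword[1].getBytes(utf8))) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    setNewSecurityContext(message, account.getName());
}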
Also used : Message(org.apache.cxf.message.Message) Base64Exception(org.apache.cxf.common.util.Base64Exception) SecurityContext(org.apache.cxf.security.SecurityContext) SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal) Principal(java.security.Principal)

Example 3 with Base64Exception

use of org.apache.cxf.common.util.Base64Exception in project tesb-rt-se by Talend.

the class SecurityContextFilter method filter.

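/**
 * Authenticates a request with HTTP Basic credentials and installs a {@link SecurityContext}
 * for the matching account on the current message.
 *
 * <p>Requests whose absolute path ends with {@code userRegistrationPath} pass through without
 * authentication. All other requests must carry exactly one
 * {@code Authorization: Basic <base64>} header whose decoded {@code user:password} pair matches
 * an account; every failure aborts the request with the same fault response.
 *
 * @param requestContext the request being filtered; aborted when authentication fails
 * @throws IOException declared by the overridden filter method
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    Message message = JAXRSUtils.getCurrentMessage();
    // NOTE(review): this exemption is a suffix match on the absolute path, so it also covers any
    // longer path that merely ends in the same text. Confirm it cannot apply to an unintended
    // resource; an exact match on the resource path would be tighter.
    if (ui.getAbsolutePath().toString().endsWith(userRegistrationPath)) {
        return;
    }

    List<String> authValues = headers.getRequestHeader("Authorization");
    // getRequestHeader may return null when the header is absent; fail closed instead of
    // letting a NullPointerException escape the filter.
    if (authValues == null || authValues.size() != 1) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    String[] values = authValues.get(0).split(" ");
    if (values.length != 2 || !"Basic".equals(values[0])) {
        requestContext.abortWith(createFaultResponse());
        return;
    }

    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    String decodedValue;
    try {
        // Explicit charset: new String(byte[]) alone depends on the platform default.
        decodedValue = new String(Base64Utility.decode(values[1]), utf8);
    } catch (Base64Exception ex) {
        requestContext.abortWith(createFaultResponse());
        return;
    }

    // Split on the first colon only. A Basic password may itself contain ':', and an unlimited
    // split would both reject such passwords and silently drop trailing colons from the input.
    // Empty passwords stay rejected, as they were with the unlimited split.
    String[] namePassword = decodedValue.split(":", 2);
    if (namePassword.length != 2 || namePassword[1].isEmpty()) {
        requestContext.abortWith(createFaultResponse());
        return;
    }

    final UserAccount account = accounts.getAccount(namePassword[0]);
    // NOTE(review): assumes UserAccount.getPassword() returns the stored password as a String;
    // confirm. Comparing against the stored value also means the account store keeps passwords
    // in recoverable form; outside sample code a salted password hash is the safer design.
    String storedPassword = (account == null) ? null : account.getPassword();
    // MessageDigest.isEqual avoids the early exit of String.equals, so the comparison time does
    // not depend on how many leading characters of the guess are correct.
    if (storedPassword == null
            || !java.security.MessageDigest.isEqual(
                    storedPassword.getBytes(utf8), namePassword[1].getBytes(utf8))) {
        requestContext.abortWith(createFaultResponse());
        return;
    }

    // The installed context exposes only the account name; it grants no roles.
    final SecurityContext sc = new SecurityContext() {

        @Override
        public Principal getUserPrincipal() {
            return new SimplePrincipal(account.getName());
        }

        @Override
        public boolean isUserInRole(String arg0) {
            return false;
        }
    };
    message.put(SecurityContext.class, sc);
}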
Also used : Message(org.apache.cxf.message.Message) Base64Exception(org.apache.cxf.common.util.Base64Exception) SecurityContext(org.apache.cxf.security.SecurityContext) SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal)

Example 4 with Base64Exception

use of org.apache.cxf.common.util.Base64Exception in project tesb-rt-se by Talend.

the class SecurityContextFilter method filter.

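/**
 * Authenticates a request with HTTP Basic credentials checked against the {@code users} lookup
 * and installs a {@link SecurityContext} for the user on the current message.
 *
 * <p>Exactly one {@code Authorization: Basic <base64>} header is required, and its decoded
 * {@code user:password} pair must match the password stored for that user. Every failure aborts
 * the request with the same fault response.
 *
 * @param requestContext the request being filtered; aborted when authentication fails
 * @throws IOException declared by the overridden filter method
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    List<String> authValues = headers.getRequestHeader("Authorization");
    // getRequestHeader may return null when the header is absent; fail closed instead of
    // letting a NullPointerException escape the filter.
    if (authValues == null || authValues.size() != 1) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    String[] values = authValues.get(0).split(" ");
    if (values.length != 2 || !"Basic".equals(values[0])) {
        requestContext.abortWith(createFaultResponse());
        return;
    }

    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    String decodedValue;
    try {
        // Explicit charset: new String(byte[]) alone depends on the platform default.
        decodedValue = new String(Base64Utility.decode(values[1]), utf8);
    } catch (Base64Exception ex) {
        requestContext.abortWith(createFaultResponse());
        return;
    }

    // Split on the first colon only. A Basic password may itself contain ':', and an unlimited
    // split would both reject such passwords and silently drop trailing colons from the input.
    // Empty passwords stay rejected, as they were with the unlimited split.
    final String[] namePassword = decodedValue.split(":", 2);
    if (namePassword.length != 2 || namePassword[1].isEmpty()) {
        requestContext.abortWith(createFaultResponse());
        return;
    }

    // NOTE(review): the lookup returns the password itself, so credentials are held in
    // recoverable form; outside sample code a salted password hash is the safer design.
    String password = users.get(namePassword[0]);
    // MessageDigest.isEqual avoids the early exit of String.equals, so the comparison time does
    // not depend on how many leading characters of the guess are correct.
    if (password == null
            || !java.security.MessageDigest.isEqual(
                    password.getBytes(utf8), namePassword[1].getBytes(utf8))) {
        requestContext.abortWith(createFaultResponse());
        return;
    }

    // The installed context exposes only the user name; it grants no roles.
    final SecurityContext sc = new SecurityContext() {

        @Override
        public Principal getUserPrincipal() {
            return new SimplePrincipal(namePassword[0]);
        }

        @Override
        public boolean isUserInRole(String arg0) {
            return false;
        }
    };
    JAXRSUtils.getCurrentMessage().put(SecurityContext.class, sc);
}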
Also used : Base64Exception(org.apache.cxf.common.util.Base64Exception) SecurityContext(org.apache.cxf.security.SecurityContext) SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal)

Example 5 with Base64Exception

use of org.apache.cxf.common.util.Base64Exception in project midpoint by Evolveum.

the class TestSecurityQuestionChallengeResponse method testChallengeResponse.

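/**
 * Walks through the three requests of the "SecQ" challenge/response exchange: the bare scheme
 * name, the username response, and the answers response, which must return status 200 and a
 * non-null {@code UserType} entity.
 */
@Test
public void testChallengeResponse() {
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;

    // Step 1: the bare scheme name yields the username challenge.
    Response response = getUserAdministrator("SecQ");
    String challengeBase64 = assertAndGetChallenge(response);
    String usernameChallenge = null;
    try {
        // Explicit charset on both decode and encode keeps the test independent of the
        // platform default charset.
        usernameChallenge = new String(Base64Utility.decode(challengeBase64), utf8);
        logger.info("Username challenge: {}", usernameChallenge);
    } catch (Base64Exception e) {
        fail("Failed to decode base64 username challenge");
    }

    // Step 2: fill the user name into the challenge template and send it back.
    String secQusernameChallenge = usernameChallenge.replace("username", "administrator");
    logger.info("Username response: {}", secQusernameChallenge);
    response = getUserAdministrator("SecQ " + Base64Utility.encode(secQusernameChallenge.getBytes(utf8)));
    challengeBase64 = assertAndGetChallenge(response);
    String answerChallenge = null;
    try {
        answerChallenge = new String(Base64Utility.decode(challengeBase64), utf8);
        logger.info("Answer challenge: {}", answerChallenge);
    } catch (Base64Exception e) {
        // This message previously repeated the username-challenge text, which pointed a failing
        // run at the wrong step.
        fail("Failed to decode base64 answer challenge");
    }
    // NOTE(review): three questions are expected in the challenge while only two are answered
    // below; presumably a subset is sufficient, confirm against the configured policy.
    assertEquals("Wrong number of questions", 3, StringUtils.countMatches(answerChallenge, "\"qid\":"));

    // Step 3: answer the questions; the fixture answers are test-only values.
    String secQAnswerChallenge = "{"
            + "\"user\" : \"administrator\","
            + "\"answer\" : ["
            + "{ "
            + "\"qid\" : \"http://midpoint.evolveum.com/xml/ns/public/security/question-2#q001\","
            + "\"qans\" : \"5ecr3t\""
            + "},"
            + "{ "
            + "\"qid\" : \"http://midpoint.evolveum.com/xml/ns/public/security/question-2#q002\","
            + "\"qans\" : \"black\""
            + "}"
            + "]"
            + "}";
    logger.info("Answer response: {}", secQAnswerChallenge);
    response = getUserAdministrator("SecQ " + Base64Utility.encode(secQAnswerChallenge.getBytes(utf8)));
    assertEquals("Unexpected status code. Expected 200 but got " + response.getStatus(), 200, response.getStatus());
    UserType user = response.readEntity(UserType.class);
    assertNotNull("Returned entity in body must not be null.", user);
    logger.info("Returned entity: {}", user.asPrismObject().debugDump());
}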
Also used : Response(javax.ws.rs.core.Response) Base64Exception(org.apache.cxf.common.util.Base64Exception) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType) Test(org.testng.annotations.Test)

Aggregations

Base64Exception (org.apache.cxf.common.util.Base64Exception)23 EncryptionException (com.evolveum.midpoint.prism.crypto.EncryptionException)4 ByteArrayInputStream (java.io.ByteArrayInputStream)4 IOException (java.io.IOException)4 Certificate (java.security.cert.Certificate)4 SimplePrincipal (org.apache.cxf.common.security.SimplePrincipal)4 Message (org.apache.cxf.message.Message)4 SecurityContext (org.apache.cxf.security.SecurityContext)4 InputStream (java.io.InputStream)3 CertificateException (java.security.cert.CertificateException)3 X509Certificate (java.security.cert.X509Certificate)3 AuthorizationPolicy (org.apache.cxf.configuration.security.AuthorizationPolicy)3 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)3 InputStreamReader (java.io.InputStreamReader)2 Principal (java.security.Principal)2 PrivateKey (java.security.PrivateKey)2 RSAPublicKey (java.security.interfaces.RSAPublicKey)2 DataFormatException (java.util.zip.DataFormatException)2 Cipher (javax.crypto.Cipher)2 Response (javax.ws.rs.core.Response)2