
Example 6 with SimpleGroup

Use of org.apache.cxf.common.security.SimpleGroup in project cxf by apache.

In the class SimpleUsernameTokenInterceptor, method createSubject.

protected Subject createSubject(String name, String password, boolean isDigest, String nonce, String created) throws SecurityException {
    Subject subject = new Subject();
    // delegate to the external security system if possible
    // authenticate the user somehow
    subject.getPrincipals().add(new SimplePrincipal(name));
    // add roles this user is in
    String roleName = "Alice".equals(name) ? "developers" : "pms";
    subject.getPrincipals().add(new SimpleGroup(roleName, name));
    subject.setReadOnly();
    return subject;
}
Also used : SimpleGroup(org.apache.cxf.common.security.SimpleGroup) Subject(javax.security.auth.Subject) SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal)

Example 7 with SimpleGroup

Use of org.apache.cxf.common.security.SimpleGroup in project cxf by apache.

In the class CustomUTValidator, method validate.

public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    Credential cred = super.validate(credential, data);
    UsernameToken ut = credential.getUsernametoken();
    WSUsernameTokenPrincipalImpl principal = new WSUsernameTokenPrincipalImpl(ut.getName(), ut.isHashed());
    principal.setCreatedTime(ut.getCreated());
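    // as written this is a no-op: it copies the principal's own nonce back onto itself, not the nonce from ut
    principal.setNonce(principal.getNonce());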
    principal.setPassword(ut.getPassword());
    principal.setPasswordType(ut.getPasswordType());
    Subject subject = new Subject();
    subject.getPrincipals().add(principal);
    if ("Alice".equals(ut.getName())) {
        subject.getPrincipals().add(new SimpleGroup("manager", ut.getName()));
    }
    subject.getPrincipals().add(new SimpleGroup("worker", ut.getName()));
    cred.setSubject(subject);
    return cred;
}
Also used : Credential(org.apache.wss4j.dom.validate.Credential) UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken) SimpleGroup(org.apache.cxf.common.security.SimpleGroup) Subject(javax.security.auth.Subject) WSUsernameTokenPrincipalImpl(org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl)

Example 8 with SimpleGroup

Use of org.apache.cxf.common.security.SimpleGroup in project cxf by apache.

In the class CustomStaxUTValidator, method validate.

@SuppressWarnings("unchecked")
@Override
public <T extends UsernameSecurityToken & InboundSecurityToken> T validate(UsernameTokenType usernameTokenType, TokenContext tokenContext) throws WSSecurityException {
    UsernameSecurityTokenImpl token = super.<UsernameSecurityTokenImpl>validate(usernameTokenType, tokenContext);
    Subject subject = new Subject();
    subject.getPrincipals().add(token.getPrincipal());
    if ("Alice".equals(token.getUsername())) {
        subject.getPrincipals().add(new SimpleGroup("manager", token.getUsername()));
    }
    subject.getPrincipals().add(new SimpleGroup("worker", token.getUsername()));
    token.setSubject(subject);
    return (T) token;
}
Also used : UsernameSecurityTokenImpl(org.apache.wss4j.stax.impl.securityToken.UsernameSecurityTokenImpl) SimpleGroup(org.apache.cxf.common.security.SimpleGroup) Subject(javax.security.auth.Subject)

Example 9 with SimpleGroup

Use of org.apache.cxf.common.security.SimpleGroup in project cxf by apache.

In the class SimpleSubjectCreatingInterceptor, method createSubject.

@Override
protected Subject createSubject(String name, String password, boolean isDigest, String nonce, String created) throws SecurityException {
    Subject subject = new Subject();
    // delegate to the external security system if possible
    subject.getPrincipals().add(new SimplePrincipal(name));
    subject.getPrincipals().add(new SimpleGroup("developers", name));
    subject.setReadOnly();
    return subject;
}
Also used : SimpleGroup(org.apache.cxf.common.security.SimpleGroup) Subject(javax.security.auth.Subject) SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal)

Example 10 with SimpleGroup

Use of org.apache.cxf.common.security.SimpleGroup in project cxf by apache.

In the class DefaultJWTRoleParser, method parseRolesFromToken.

/**
 * Return the set of User/Principal roles from the token.
 * @param principal the Principal associated with the token
 * @param subject the JAAS Subject associated with a successful validation of the token
 * @param token The JWTToken
 * @return the set of User/Principal roles from the token.
 */
public Set<Principal> parseRolesFromToken(Principal principal, Subject subject, JwtToken token) {
    if (subject != null && useJaasSubject) {
        return super.parseRolesFromSubject(principal, subject);
    }
    Set<Principal> roles = null;
    if (roleClaim != null && token != null && token.getClaims().containsProperty(roleClaim)) {
        roles = new HashSet<>();
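        // the claim is read as one comma-separated string; only the whole string is trimmed,
        // so "a, b" produces the role names "a" and " b" (leading space kept)
        String role = token.getClaims().getStringProperty(roleClaim).trim();
        for (String r : role.split(",")) {
            roles.add(new SimpleGroup(r));
        }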
    } else {
        roles = Collections.emptySet();
    }
    return roles;
}
Also used : SimpleGroup(org.apache.cxf.common.security.SimpleGroup) Principal(java.security.Principal)
