Use of org.apache.cxf.common.security.SimplePrincipal in the Apache CXF project.
Class DefaultSecurityContextTest, method testUserInRole2.
@Test
public void testUserInRole2() {
    // A user principal plus a "Roles" group that itself holds the "friend" role;
    // the context must find the role through the group membership.
    Principal user = new SimplePrincipal("Barry");
    GroupPrincipal roles = new SimpleGroup("Roles", user);
    roles.addMember(new SimpleGroup("friend"));

    Subject subject = new Subject();
    subject.getPrincipals().add(user);
    subject.getPrincipals().add(roles);

    DefaultSecurityContext ctx = new DefaultSecurityContext(user, subject);
    assertTrue(ctx.isUserInRole("friend"));
}
Use of org.apache.cxf.common.security.SimplePrincipal in the Apache CXF project.
Class DefaultSecurityContextTest, method testUserNotInRole.
@Test
public void testUserNotInRole() {
    // The subject carries only the user principal and no group principals,
    // so no role lookup can succeed.
    Principal user = new SimplePrincipal("Barry");
    Subject subject = new Subject();
    subject.getPrincipals().add(user);

    DefaultSecurityContext ctx = new DefaultSecurityContext(user, subject);
    assertFalse(ctx.isUserInRole("friend"));
}
Use of org.apache.cxf.common.security.SimplePrincipal in the Apache CXF project.
Class OAuthRequestFilter, method createSecurityContext.
/**
 * Builds a {@link SecurityContext} backed by one of the two subjects carried
 * by a validated access token.
 *
 * @param request      the incoming request (not consulted here)
 * @param accessTokenV the validated token, supplying the resource-owner and client subjects
 * @return a context whose principal and roles come from the resource-owner subject
 *         when {@code useUserSubject} is set, otherwise from the client subject;
 *         when that subject is absent the principal is {@code null} and every
 *         role check is {@code false}
 */
protected SecurityContext createSecurityContext(HttpServletRequest request, AccessTokenValidation accessTokenV) {
    UserSubject ownerSubject = accessTokenV.getTokenSubject();
    UserSubject clientSubject = accessTokenV.getClientSubject();
    // useUserSubject decides which of the two identities the context represents.
    final UserSubject chosen;
    if (OAuthRequestFilter.this.useUserSubject) {
        chosen = ownerSubject;
    } else {
        chosen = clientSubject;
    }
    return new SecurityContext() {
        @Override
        public Principal getUserPrincipal() {
            if (chosen == null) {
                return null;
            }
            return new SimplePrincipal(chosen.getLogin());
        }

        @Override
        public boolean isUserInRole(String role) {
            // No subject means no roles, regardless of the role asked for.
            return chosen != null && chosen.getRoles().contains(role);
        }
    };
}
Use of org.apache.cxf.common.security.SimplePrincipal in the Apache CXF project.
Class AbstractServiceProviderFilter, method setSecurityContext.
/**
 * Derives a {@link SAMLSecurityContext} from the assertion's subject and stores
 * it on the message under {@code SecurityContext.class}.
 *
 * <p>Nothing is stored when the assertion subject has no name.
 *
 * @param m                the current message; also consulted for the
 *                         configured role attribute name
 * @param assertionWrapper the SAML assertion the subject, claims, issuer and
 *                         assertion element are read from
 */
protected void setSecurityContext(Message m, SamlAssertionWrapper assertionWrapper) {
    Subject subject = SAMLUtils.getSubject(m, assertionWrapper);
    String name = subject.getName();
    if (name == null) {
        return;
    }

    // The attribute that carries roles is configurable; an unset or blank
    // value falls back to the standard identity-claims role URI.
    String roleAttributeName = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, m);
    if (roleAttributeName == null || roleAttributeName.isEmpty()) {
        roleAttributeName = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
    }

    ClaimCollection claims = org.apache.cxf.rt.security.saml.utils.SAMLUtils.getClaims(assertionWrapper);
    Set<Principal> roles = org.apache.cxf.rt.security.saml.utils.SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null);

    SAMLSecurityContext context = new SAMLSecurityContext(new SimplePrincipal(name), roles, claims);
    context.setIssuer(org.apache.cxf.rt.security.saml.utils.SAMLUtils.getIssuer(assertionWrapper));
    context.setAssertionElement(org.apache.cxf.rt.security.saml.utils.SAMLUtils.getAssertionElement(assertionWrapper));
    m.put(SecurityContext.class, context);
}
Use of org.apache.cxf.common.security.SimplePrincipal in the Apache CXF project.
Class JWTTokenValidator, method validateToken.
/**
 * Validate a Token using the given TokenValidatorParameters.
 *
 * <p>The received token is marked {@code INVALID} first, so every early
 * return below reports a failed validation; it is flipped to {@code VALID}
 * only after all checks pass. The checks, in order: the token text is
 * non-empty, it has three dot-separated parts, its signature verifies
 * against the STS signature keystore, and {@code validateToken(JwtToken)}
 * accepts its claims.
 *
 * @param tokenParameters carries the received token and the STS properties
 *                        (signature crypto and alias) used for verification
 * @return a response holding the token with its final state; the realm,
 *         principal and roles are filled in only on success
 * @throws STSException if the STS signature crypto is not a {@code Merlin}
 *         instance, since the keystore cannot be obtained from it
 */
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
    LOG.fine("Validating JWT Token");
    STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
    TokenValidatorResponse response = new TokenValidatorResponse();
    ReceivedToken validateTarget = tokenParameters.getToken();
    // Fail-closed default: every early return leaves the token INVALID.
    validateTarget.setState(STATE.INVALID);
    response.setToken(validateTarget);
    String token = ((Element) validateTarget.getToken()).getTextContent();
    if (token == null || "".equals(token)) {
        return response;
    }
    // Cheap structural pre-check: a compact JWS has header.payload.signature.
    // NOTE(review): split() drops trailing empty strings, so "a.b." also fails here.
    if (token.split("\\.").length != 3) {
        LOG.log(Level.WARNING, "JWT Token appears not to be signed. Validation has failed");
        return response;
    }
    // NOTE(review): parsing errors from the consumer are not caught here and
    // appear to propagate to the caller rather than yield an INVALID response.
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
    JwtToken jwt = jwtConsumer.getJwtToken();
    // Verify the signature
    Properties verificationProperties = new Properties();
    Crypto signatureCrypto = stsProperties.getSignatureCrypto();
    String alias = stsProperties.getSignatureUsername();
    if (alias != null) {
        verificationProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, alias);
    }
    // Only a Merlin crypto exposes the KeyStore the JWS verifier is loaded from.
    if (!(signatureCrypto instanceof Merlin)) {
        throw new STSException("Can't get the keystore", STSException.REQUEST_FAILED);
    }
    KeyStore keystore = ((Merlin) signatureCrypto).getKeyStore();
    verificationProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
    // The verifier is chosen from the keystore properties and the token's own
    // JWS headers; a signature that does not verify leaves the token INVALID.
    JwsSignatureVerifier signatureVerifier = JwsUtils.loadSignatureVerifier(verificationProperties, jwt.getJwsHeaders());
    if (!jwtConsumer.verifySignatureWith(signatureVerifier)) {
        return response;
    }
    // Claims validation (sibling overload); any runtime failure is logged and
    // reported as INVALID rather than propagated.
    try {
        validateToken(jwt);
    } catch (RuntimeException ex) {
        LOG.log(Level.WARNING, "JWT token validation failed", ex);
        return response;
    }
    // Get the realm of the JWT Token
    if (realmCodec != null) {
        String tokenRealm = realmCodec.getRealmFromToken(jwt);
        response.setTokenRealm(tokenRealm);
    }
    // A principal (and roles) is only attached when the token was verified with
    // a public key; isVerifiedWithAPublicKey is defined elsewhere in this class.
    if (isVerifiedWithAPublicKey(jwt)) {
        Principal principal = new SimplePrincipal(jwt.getClaims().getSubject());
        response.setPrincipal(principal);
        // Parse roles from the validated token
        if (roleParser != null) {
            Set<Principal> roles = roleParser.parseRolesFromToken(principal, null, jwt);
            response.setRoles(roles);
        }
    }
    validateTarget.setState(STATE.VALID);
    LOG.fine("JWT Token successfully validated");
    return response;
}