Example 16 with SimplePrincipal
use of org.apache.cxf.common.security.SimplePrincipal in project cxf by apache.
the class SimpleSubjectCreatingInterceptor method createSubject.
@Override
protected Subject createSubject(String name, String password, boolean isDigest, String nonce, String created) throws SecurityException {
Subject subject = new Subject();
// delegate to the external security system if possible
String roleName = "Alice".equals(name) ? "developers" : "pms";
subject.getPrincipals().add(new SimplePrincipal(name));
subject.getPrincipals().add(new SimpleGroup(roleName, name));
subject.setReadOnly();
return subject;
}
Also used :
SimpleGroup(org.apache.cxf.common.security.SimpleGroup)
Subject(javax.security.auth.Subject)
SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal)
Example 17 with SimplePrincipal
use of org.apache.cxf.common.security.SimplePrincipal in project cxf by apache.
the class CustomUsernameTokenInterceptor method createSubject.
protected Subject createSubject(String name, String password, boolean isDigest, String nonce, String created) throws SecurityException {
Subject subject = new Subject();
// delegate to the external security system if possible
// authenticate the user somehow
subject.getPrincipals().add(new SimplePrincipal(name));
// add roles this user is in
String roleName = "Alice".equals(name) ? "developers" : "pms";
try {
String expectedPassword = "Alice".equals(name) ? "ecilA" : UsernameTokenUtil.doPasswordDigest(XMLUtils.decode(nonce), created, "invalid-password");
if (!password.equals(expectedPassword)) {
throw new SecurityException("Wrong Password");
}
} catch (org.apache.wss4j.common.ext.WSSecurityException ex) {
throw new SecurityException("Wrong Password");
}
subject.getPrincipals().add(new SimpleGroup(roleName, name));
subject.setReadOnly();
return subject;
}
Also used :
SimpleGroup(org.apache.cxf.common.security.SimpleGroup)
Subject(javax.security.auth.Subject)
SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal)
Example 18 with SimplePrincipal
use of org.apache.cxf.common.security.SimplePrincipal in project cxf by apache.
the class SimpleUsernameTokenInterceptor method createSubject.
protected Subject createSubject(String name, String password, boolean isDigest, String nonce, String created) throws SecurityException {
Subject subject = new Subject();
// delegate to the external security system if possible
// authenticate the user somehow
subject.getPrincipals().add(new SimplePrincipal(name));
// add roles this user is in
String roleName = "Alice".equals(name) ? "developers" : "pms";
subject.getPrincipals().add(new SimpleGroup(roleName, name));
subject.setReadOnly();
return subject;
}
Also used :
SimpleGroup(org.apache.cxf.common.security.SimpleGroup)
Subject(javax.security.auth.Subject)
SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal)
Example 19 with SimplePrincipal
use of org.apache.cxf.common.security.SimplePrincipal in project camel by apache.
the class DefaultCxfMessageMapperTest method testSecurityContext.
@Test
public void testSecurityContext() {
DefaultCxfMessageMapper mapper = new DefaultCxfMessageMapper();
HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
request.getUserPrincipal();
EasyMock.expectLastCall().andReturn(new SimplePrincipal("barry"));
request.isUserInRole("role1");
EasyMock.expectLastCall().andReturn(true);
request.isUserInRole("role2");
EasyMock.expectLastCall().andReturn(false);
EasyMock.replay(request);
Exchange camelExchange = setupCamelExchange("/", "/", request);
Message cxfMessage = mapper.createCxfMessageFromCamelExchange(camelExchange, EasyMock.createMock(HeaderFilterStrategy.class));
SecurityContext sc = cxfMessage.get(SecurityContext.class);
assertNotNull(sc);
assertEquals("barry", sc.getUserPrincipal().getName());
assertTrue(sc.isUserInRole("role1"));
assertFalse(sc.isUserInRole("role2"));
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Exchange(org.apache.camel.Exchange)
Message(org.apache.cxf.message.Message)
SecurityContext(org.apache.cxf.security.SecurityContext)
HeaderFilterStrategy(org.apache.camel.spi.HeaderFilterStrategy)
SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal)
Test(org.junit.Test)
Example 20 with SimplePrincipal
use of org.apache.cxf.common.security.SimplePrincipal in project cxf by apache.
the class TestUserPasswordLoginModule method login.
@Override
public boolean login() throws LoginException {
NameCallback nameCallback = new NameCallback("User");
PasswordCallback passwordCallback = new PasswordCallback("Password", false);
Callback[] callbacks = new Callback[] { nameCallback, passwordCallback };
try {
this.callbackHandler.handle(callbacks);
} catch (IOException | UnsupportedCallbackException e) {
throw new LoginException(e.getMessage());
}
String userName = nameCallback.getName();
String password = new String(passwordCallback.getPassword());
if (!TESTUSER.equals(userName)) {
throw new LoginException("wrong username");
}
if (!TESTPASS.equals(password)) {
throw new LoginException("wrong password");
}
subject.getPrincipals().add(new SimplePrincipal(userName));
subject.getPrincipals().add(new SimpleGroup(TESTGROUP));
return true;
}
Also used :
NameCallback(javax.security.auth.callback.NameCallback)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
NameCallback(javax.security.auth.callback.NameCallback)
Callback(javax.security.auth.callback.Callback)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
LoginException(javax.security.auth.login.LoginException)
SimpleGroup(org.apache.cxf.common.security.SimpleGroup)
IOException(java.io.IOException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal)
Aggregations
SimplePrincipal (org.apache.cxf.common.security.SimplePrincipal)33
Principal (java.security.Principal)19
Subject (javax.security.auth.Subject)19
Test (org.junit.Test)13
SimpleGroup (org.apache.cxf.common.security.SimpleGroup)10
SecurityContext (org.apache.cxf.security.SecurityContext)9
GroupPrincipal (org.apache.cxf.common.security.GroupPrincipal)6
Message (org.apache.cxf.message.Message)6
LoginSecurityContext (org.apache.cxf.security.LoginSecurityContext)4
IOException (java.io.IOException)3
Callback (javax.security.auth.callback.Callback)3
NameCallback (javax.security.auth.callback.NameCallback)3
PasswordCallback (javax.security.auth.callback.PasswordCallback)3
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)3
LoginException (javax.security.auth.login.LoginException)3
Base64Exception (org.apache.cxf.common.util.Base64Exception)3
ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection)3
HashSet (java.util.HashSet)2
CallbackHandler (javax.security.auth.callback.CallbackHandler)2
ExchangeImpl (org.apache.cxf.message.ExchangeImpl)2
