
Example 31 with SimplePrincipal

use of org.apache.cxf.common.security.SimplePrincipal in project tesb-rt-se by Talend.

Class SecurityContextFilter, method filter.

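/**
 * Authenticates the current request with HTTP Basic credentials looked up in {@code users}.
 *
 * <p>A request that already carries a {@link SecurityContext} whose principal is a known user
 * passes straight through. Otherwise exactly one {@code Authorization: Basic ...} header is
 * required; a malformed, undecodable or non-matching credential aborts the request with the
 * response produced by {@code createFaultResponse()}. On success a new {@link SecurityContext}
 * holding a {@link SimplePrincipal} for the user is stored on the current CXF message.
 *
 * @param requestContext the JAX-RS request being filtered; aborted on authentication failure
 * @throws IOException declared by the {@code ContainerRequestFilter} contract
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    Message message = JAXRSUtils.getCurrentMessage();
    SecurityContext sc = message.get(SecurityContext.class);
    if (sc != null) {
        Principal principal = sc.getUserPrincipal();
        if (principal != null && users.containsKey(principal.getName())) {
            return;
        }
    }
    List<String> authValues = headers.getRequestHeader("Authorization");
    if (authValues == null || authValues.size() != 1) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    String[] values = authValues.get(0).split(" ");
    // RFC 7617: the authentication scheme name is case-insensitive.
    if (values.length != 2 || !"Basic".equalsIgnoreCase(values[0])) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    String decodedValue;
    try {
        // Decode with an explicit charset rather than the platform default, so the same
        // credential bytes yield the same user-id and password on every JVM.
        decodedValue = new String(Base64Utility.decode(values[1]), java.nio.charset.StandardCharsets.UTF_8);
    } catch (Base64Exception ex) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    // Split at the first ':' only: the user-id cannot contain a colon but the password may
    // (RFC 7617), so an unlimited split would reject every password containing ':'.
    final String[] namePassword = decodedValue.split(":", 2);
    if (namePassword.length != 2) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    // NOTE(review): users holds the clear-text password per user-id (it is compared directly
    // with what the client sent); a hashed store would be preferable but is outside this method.
    String password = users.get(namePassword[0]);
    // Compare without short-circuiting on the first differing byte, so a mismatch cannot be
    // narrowed down by timing.
    if (password == null || !java.security.MessageDigest.isEqual(
            password.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            namePassword[1].getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    final String userName = namePassword[0];
    final SecurityContext newSc = new SecurityContext() {

        @Override
        public Principal getUserPrincipal() {
            return new SimplePrincipal(userName);
        }

        @Override
        public boolean isUserInRole(String arg0) {
            // Roles are not modelled by this filter: every role check is denied.
            return false;
        }
    };
    message.put(SecurityContext.class, newSc);
}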

Example 32 with SimplePrincipal

use of org.apache.cxf.common.security.SimplePrincipal in project jbossws-cxf by jbossws.

Class SubjectCreator, method createSubject.

/**
 * Authenticates {@code name}/{@code password} against the given security domain and returns
 * the {@link Subject} it populated.
 *
 * <p>For digest credentials the nonce/created pair is verified first and a
 * {@link UsernameTokenCallbackHandler} is registered for the duration of the check, then
 * cleared again in a {@code finally} block. The thread context class loader is temporarily
 * replaced by a delegate loader over the server-integration class loader and restored
 * afterwards. When {@code propagateContext} is set, the subject is also pushed onto the
 * domain's subject context.
 *
 * @param ctx      the security domain used for validation
 * @param name     user name to authenticate
 * @param password the password, or the UsernameToken digest value when {@code isDigest} is true
 * @param isDigest whether {@code password} is a digest computed with {@code nonce}/{@code created}
 * @param nonce    digest nonce; only used when {@code isDigest} is true
 * @param created  digest creation timestamp; only used when {@code isDigest} is true
 * @return the subject populated by the security domain
 */
public Subject createSubject(SecurityDomainContext ctx, String name, String password, boolean isDigest, String nonce, String created) {
    if (isDigest) {
        verifyUsernameToken(nonce, created);
        // Whether the digest was computed over the raw nonce bytes or over the
        // Base64-encoded nonce cannot be determined here; some legacy clients use the
        // encoded form. decodeNonce (Base64 assumed by default) mirrors the WSS4J client,
        // which Base64-decodes the nonce before computing the digest.
        CallbackHandlerPolicyContextHandler.setCallbackHandler(
                new UsernameTokenCallbackHandler(nonce, created, decodeNonce));
    }
    final Subject subject = new Subject();
    final Principal principal = new SimplePrincipal(name);
    final boolean traceEnabled = SECURITY_LOGGER.isTraceEnabled();
    if (traceEnabled) {
        SECURITY_LOGGER.aboutToAuthenticate(ctx.getSecurityDomain());
    }
    try {
        final ClassLoader original = SecurityActions.getContextClassLoader();
        // Let PicketBox resolve classes from the jbossws modules while validating.
        final ClassLoader delegate = createDelegateClassLoader(
                ClassLoaderProvider.getDefaultProvider().getServerIntegrationClassLoader(), original);
        SecurityActions.setContextClassLoader(delegate);
        try {
            if (!ctx.isValid(principal, password, subject)) {
                throw MESSAGES.authenticationFailed(principal.getName());
            }
        } finally {
            SecurityActions.setContextClassLoader(original);
        }
    } finally {
        if (isDigest) {
            // Clearing (rather than removing) the thread-local entry bounds its growth to
            // the container's thread count.
            CallbackHandlerPolicyContextHandler.setCallbackHandler(null);
        }
    }
    if (traceEnabled) {
        SECURITY_LOGGER.authenticated(name);
    }
    if (propagateContext) {
        ctx.pushSubjectContext(subject, principal, password);
        if (traceEnabled) {
            SECURITY_LOGGER.securityContextPropagated(name);
        }
    }
    return subject;
}

Example 33 with SimplePrincipal

use of org.apache.cxf.common.security.SimplePrincipal in project jbossws-cxf by jbossws.

Class SubjectCreator, method createSubject.

// TODO:refactor this
/**
 * Authenticates {@code name}/{@code password} through the given authentication manager and
 * returns the {@link Subject} it populated.
 *
 * <p>For digest credentials the nonce/created pair is verified first and a
 * {@link UsernameTokenCallbackHandler} is registered for the duration of the check, then
 * cleared again in a {@code finally} block. The thread context class loader is temporarily
 * replaced by a delegate loader over the server-integration class loader and restored
 * afterwards. Unlike the {@code SecurityDomainContext} overload, no subject context is pushed.
 *
 * @param manager  the authentication manager used for validation
 * @param name     user name to authenticate
 * @param password the password, or the UsernameToken digest value when {@code isDigest} is true
 * @param isDigest whether {@code password} is a digest computed with {@code nonce}/{@code created}
 * @param nonce    digest nonce; only used when {@code isDigest} is true
 * @param created  digest creation timestamp; only used when {@code isDigest} is true
 * @return the subject populated by the authentication manager
 */
public Subject createSubject(JBossAuthenticationManager manager, String name, String password, boolean isDigest, String nonce, String created) {
    if (isDigest) {
        verifyUsernameToken(nonce, created);
        // Whether the digest was computed over the raw nonce bytes or over the
        // Base64-encoded nonce cannot be determined here; some legacy clients use the
        // encoded form. decodeNonce (Base64 assumed by default) mirrors the WSS4J client,
        // which Base64-decodes the nonce before computing the digest.
        CallbackHandlerPolicyContextHandler.setCallbackHandler(
                new UsernameTokenCallbackHandler(nonce, created, decodeNonce));
    }
    final Subject subject = new Subject();
    final Principal principal = new SimplePrincipal(name);
    final boolean traceEnabled = SECURITY_LOGGER.isTraceEnabled();
    if (traceEnabled) {
        SECURITY_LOGGER.aboutToAuthenticate(manager.getSecurityDomain());
    }
    try {
        final ClassLoader original = SecurityActions.getContextClassLoader();
        // Let PicketBox resolve classes from the jbossws modules while validating.
        final ClassLoader delegate = createDelegateClassLoader(
                ClassLoaderProvider.getDefaultProvider().getServerIntegrationClassLoader(), original);
        SecurityActions.setContextClassLoader(delegate);
        try {
            if (!manager.isValid(principal, password, subject)) {
                throw MESSAGES.authenticationFailed(principal.getName());
            }
        } finally {
            SecurityActions.setContextClassLoader(original);
        }
    } finally {
        if (isDigest) {
            // Clearing (rather than removing) the thread-local entry bounds its growth to
            // the container's thread count.
            CallbackHandlerPolicyContextHandler.setCallbackHandler(null);
        }
    }
    if (traceEnabled) {
        SECURITY_LOGGER.authenticated(name);
    }
    return subject;
}
