Search in sources :

Example 1 with UsernameToken

use of org.apache.cxf.common.security.UsernameToken in project jbossws-cxf by jbossws.

the class AuthenticationMgrSubjectCreatingInterceptor method handleMessage.

@Override
public void handleMessage(Message message) throws Fault {
    JBossAuthenticationManager authenticationManger = message.get(JBossAuthenticationManager.class);
    if (authenticationManger == null) {
        return;
    }
    SecurityContext context = message.get(SecurityContext.class);
    if (context == null || context.getUserPrincipal() == null) {
        Loggers.SECURITY_LOGGER.userPrincipalNotAvailableOnCurrentMessage();
        return;
    }
    SecurityToken token = message.get(SecurityToken.class);
    Subject subject = null;
    if (token != null) {
        // Try authenticating using SecurityToken info
        if (token.getTokenType() != TokenType.UsernameToken) {
            throw Messages.MESSAGES.unsupportedTokenType(token.getTokenType());
        }
        UsernameToken ut = (UsernameToken) token;
        subject = helper.createSubject(authenticationManger, ut.getName(), ut.getPassword(), ut.isHashed(), ut.getNonce(), ut.getCreatedTime());
    } else {
        // Try authenticating using WSS4J internal info (previously set into SecurityContext by WSS4JInInterceptor)
        Principal p = context.getUserPrincipal();
        if (!(p instanceof UsernameTokenPrincipal)) {
            throw Messages.MESSAGES.couldNotGetSubjectInfo();
        }
        UsernameTokenPrincipal up = (UsernameTokenPrincipal) p;
        subject = helper.createSubject(authenticationManger, up.getName(), up.getPassword(), up.isPasswordDigest(), up.getNonce(), up.getCreatedTime());
    }
    Principal principal = getPrincipal(context.getUserPrincipal(), subject);
    message.put(SecurityContext.class, createSecurityContext(principal, subject));
}
Also used : SecurityToken(org.apache.cxf.common.security.SecurityToken) UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal) SecurityContext(org.apache.cxf.security.SecurityContext) UsernameToken(org.apache.cxf.common.security.UsernameToken) JBossAuthenticationManager(org.jboss.security.plugins.JBossAuthenticationManager) Subject(javax.security.auth.Subject) Principal(java.security.Principal) UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)

Example 2 with UsernameToken

use of org.apache.cxf.common.security.UsernameToken in project cxf by apache.

the class WSS4JTokenConverter method convertToken.

public static void convertToken(Message msg, Principal p) {
    if (p instanceof UsernameTokenPrincipal) {
        UsernameTokenPrincipal utp = (UsernameTokenPrincipal) p;
        String nonce = null;
        if (utp.getNonce() != null) {
            nonce = Base64Utility.encode(utp.getNonce());
        }
        msg.put(org.apache.cxf.common.security.SecurityToken.class, new UsernameToken(utp.getName(), utp.getPassword(), utp.getPasswordType(), utp.isPasswordDigest(), nonce, utp.getCreatedTime()));
    }
}
Also used : UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal) UsernameToken(org.apache.cxf.common.security.UsernameToken)

Example 3 with UsernameToken

use of org.apache.cxf.common.security.UsernameToken in project cxf by apache.

the class AbstractUsernameTokenAuthenticatingInterceptor method handleMessage.

@Override
public void handleMessage(SoapMessage msg) throws Fault {
    SecurityToken token = msg.get(SecurityToken.class);
    SecurityContext context = msg.get(SecurityContext.class);
    if (token == null || context == null || context.getUserPrincipal() == null) {
        super.handleMessage(msg);
        return;
    }
    UsernameToken ut = (UsernameToken) token;
    Subject subject = createSubject(ut.getName(), ut.getPassword(), ut.isHashed(), ut.getNonce(), ut.getCreatedTime());
    SecurityContext sc = doCreateSecurityContext(context.getUserPrincipal(), subject);
    msg.put(SecurityContext.class, sc);
}
Also used : SecurityToken(org.apache.cxf.common.security.SecurityToken) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) UsernameToken(org.apache.cxf.common.security.UsernameToken) Subject(javax.security.auth.Subject)

Example 4 with UsernameToken

use of org.apache.cxf.common.security.UsernameToken in project cxf by apache.

the class JAASLoginInterceptorTest method addUsernameToken.

private void addUsernameToken(Message message, String username, String password) {
    UsernameToken token = new UsernameToken(username, password, "", false, null, "");
    message.put(SecurityToken.class, token);
}
Also used : UsernameToken(org.apache.cxf.common.security.UsernameToken)

Example 5 with UsernameToken

use of org.apache.cxf.common.security.UsernameToken in project cxf by apache.

the class CallbackHandlerProviderUsernameToken method create.

@Override
public CallbackHandler create(Message message) {
    SecurityToken token = message.get(SecurityToken.class);
    if (!(token instanceof UsernameToken)) {
        return null;
    }
    UsernameToken ut = (UsernameToken) token;
    if (ut.getPasswordType().endsWith("PasswordDigest")) {
        return new NameDigestPasswordCallbackHandler(ut.getName(), ut.getPassword(), ut.getNonce(), ut.getCreatedTime());
    }
    return new NamePasswordCallbackHandler(ut.getName(), ut.getPassword());
}
Also used : SecurityToken(org.apache.cxf.common.security.SecurityToken) NameDigestPasswordCallbackHandler(org.apache.cxf.interceptor.security.NameDigestPasswordCallbackHandler) NamePasswordCallbackHandler(org.apache.cxf.interceptor.security.NamePasswordCallbackHandler) UsernameToken(org.apache.cxf.common.security.UsernameToken)

Aggregations

UsernameToken (org.apache.cxf.common.security.UsernameToken)8 SecurityToken (org.apache.cxf.common.security.SecurityToken)6 Subject (javax.security.auth.Subject)5 SecurityContext (org.apache.cxf.security.SecurityContext)5 DefaultSecurityContext (org.apache.cxf.interceptor.security.DefaultSecurityContext)4 Principal (java.security.Principal)3 UsernameTokenPrincipal (org.apache.wss4j.common.principal.UsernameTokenPrincipal)3 Endpoint (org.jboss.wsf.spi.deployment.Endpoint)2 JacksonJsonProvider (com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider)1 SimpleGroup (org.apache.cxf.common.security.SimpleGroup)1 Fault (org.apache.cxf.interceptor.Fault)1 NameDigestPasswordCallbackHandler (org.apache.cxf.interceptor.security.NameDigestPasswordCallbackHandler)1 NamePasswordCallbackHandler (org.apache.cxf.interceptor.security.NamePasswordCallbackHandler)1 WebClient (org.apache.cxf.jaxrs.client.WebClient)1 MembershipTO (org.apache.syncope.common.lib.to.MembershipTO)1 UserTO (org.apache.syncope.common.lib.to.UserTO)1 JBossAuthenticationManager (org.jboss.security.plugins.JBossAuthenticationManager)1 SecurityDomainContext (org.jboss.wsf.spi.security.SecurityDomainContext)1