Examples with UsernameToken org.apache.cxf.common.security.UsernameToken used on opensource projects
Example 1 with UsernameToken
use of org.apache.cxf.common.security.UsernameToken in project jbossws-cxf by jbossws.
the class AuthenticationMgrSubjectCreatingInterceptor method handleMessage.
@Override
public void handleMessage(Message message) throws Fault {
JBossAuthenticationManager authenticationManger = message.get(JBossAuthenticationManager.class);
if (authenticationManger == null) {
return;
}
SecurityContext context = message.get(SecurityContext.class);
if (context == null || context.getUserPrincipal() == null) {
Loggers.SECURITY_LOGGER.userPrincipalNotAvailableOnCurrentMessage();
return;
}
SecurityToken token = message.get(SecurityToken.class);
Subject subject = null;
if (token != null) {
// Try authenticating using SecurityToken info
if (token.getTokenType() != TokenType.UsernameToken) {
throw Messages.MESSAGES.unsupportedTokenType(token.getTokenType());
}
UsernameToken ut = (UsernameToken) token;
subject = helper.createSubject(authenticationManger, ut.getName(), ut.getPassword(), ut.isHashed(), ut.getNonce(), ut.getCreatedTime());
} else {
// Try authenticating using WSS4J internal info (previously set into SecurityContext by WSS4JInInterceptor)
Principal p = context.getUserPrincipal();
if (!(p instanceof UsernameTokenPrincipal)) {
throw Messages.MESSAGES.couldNotGetSubjectInfo();
}
UsernameTokenPrincipal up = (UsernameTokenPrincipal) p;
subject = helper.createSubject(authenticationManger, up.getName(), up.getPassword(), up.isPasswordDigest(), up.getNonce(), up.getCreatedTime());
}
Principal principal = getPrincipal(context.getUserPrincipal(), subject);
message.put(SecurityContext.class, createSecurityContext(principal, subject));
}
Also used :
SecurityToken(org.apache.cxf.common.security.SecurityToken)
UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)
SecurityContext(org.apache.cxf.security.SecurityContext)
UsernameToken(org.apache.cxf.common.security.UsernameToken)
JBossAuthenticationManager(org.jboss.security.plugins.JBossAuthenticationManager)
Subject(javax.security.auth.Subject)
Principal(java.security.Principal)
UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)
Example 2 with UsernameToken
use of org.apache.cxf.common.security.UsernameToken in project cxf by apache.
the class WSS4JTokenConverter method convertToken.
public static void convertToken(Message msg, Principal p) {
if (p instanceof UsernameTokenPrincipal) {
UsernameTokenPrincipal utp = (UsernameTokenPrincipal) p;
String nonce = null;
if (utp.getNonce() != null) {
nonce = Base64Utility.encode(utp.getNonce());
}
msg.put(org.apache.cxf.common.security.SecurityToken.class, new UsernameToken(utp.getName(), utp.getPassword(), utp.getPasswordType(), utp.isPasswordDigest(), nonce, utp.getCreatedTime()));
}
}
Also used :
UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)
UsernameToken(org.apache.cxf.common.security.UsernameToken)
Example 3 with UsernameToken
use of org.apache.cxf.common.security.UsernameToken in project cxf by apache.
the class AbstractUsernameTokenAuthenticatingInterceptor method handleMessage.
@Override
public void handleMessage(SoapMessage msg) throws Fault {
SecurityToken token = msg.get(SecurityToken.class);
SecurityContext context = msg.get(SecurityContext.class);
if (token == null || context == null || context.getUserPrincipal() == null) {
super.handleMessage(msg);
return;
}
UsernameToken ut = (UsernameToken) token;
Subject subject = createSubject(ut.getName(), ut.getPassword(), ut.isHashed(), ut.getNonce(), ut.getCreatedTime());
SecurityContext sc = doCreateSecurityContext(context.getUserPrincipal(), subject);
msg.put(SecurityContext.class, sc);
}
Also used :
SecurityToken(org.apache.cxf.common.security.SecurityToken)
DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext)
SecurityContext(org.apache.cxf.security.SecurityContext)
UsernameToken(org.apache.cxf.common.security.UsernameToken)
Subject(javax.security.auth.Subject)
Example 4 with UsernameToken
use of org.apache.cxf.common.security.UsernameToken in project cxf by apache.
the class JAASLoginInterceptorTest method addUsernameToken.
private void addUsernameToken(Message message, String username, String password) {
UsernameToken token = new UsernameToken(username, password, "", false, null, "");
message.put(SecurityToken.class, token);
}
Also used :
UsernameToken(org.apache.cxf.common.security.UsernameToken)
Example 5 with UsernameToken
use of org.apache.cxf.common.security.UsernameToken in project cxf by apache.
the class CallbackHandlerProviderUsernameToken method create.
@Override
public CallbackHandler create(Message message) {
SecurityToken token = message.get(SecurityToken.class);
if (!(token instanceof UsernameToken)) {
return null;
}
UsernameToken ut = (UsernameToken) token;
if (ut.getPasswordType().endsWith("PasswordDigest")) {
return new NameDigestPasswordCallbackHandler(ut.getName(), ut.getPassword(), ut.getNonce(), ut.getCreatedTime());
}
return new NamePasswordCallbackHandler(ut.getName(), ut.getPassword());
}
Also used :
SecurityToken(org.apache.cxf.common.security.SecurityToken)
NameDigestPasswordCallbackHandler(org.apache.cxf.interceptor.security.NameDigestPasswordCallbackHandler)
NamePasswordCallbackHandler(org.apache.cxf.interceptor.security.NamePasswordCallbackHandler)
UsernameToken(org.apache.cxf.common.security.UsernameToken)
Aggregations
UsernameToken (org.apache.cxf.common.security.UsernameToken)8
SecurityToken (org.apache.cxf.common.security.SecurityToken)6
Subject (javax.security.auth.Subject)5
SecurityContext (org.apache.cxf.security.SecurityContext)5
DefaultSecurityContext (org.apache.cxf.interceptor.security.DefaultSecurityContext)4
Principal (java.security.Principal)3
UsernameTokenPrincipal (org.apache.wss4j.common.principal.UsernameTokenPrincipal)3
Endpoint (org.jboss.wsf.spi.deployment.Endpoint)2
JacksonJsonProvider (com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider)1
SimpleGroup (org.apache.cxf.common.security.SimpleGroup)1
Fault (org.apache.cxf.interceptor.Fault)1
NameDigestPasswordCallbackHandler (org.apache.cxf.interceptor.security.NameDigestPasswordCallbackHandler)1
NamePasswordCallbackHandler (org.apache.cxf.interceptor.security.NamePasswordCallbackHandler)1
WebClient (org.apache.cxf.jaxrs.client.WebClient)1
MembershipTO (org.apache.syncope.common.lib.to.MembershipTO)1
UserTO (org.apache.syncope.common.lib.to.UserTO)1
JBossAuthenticationManager (org.jboss.security.plugins.JBossAuthenticationManager)1
SecurityDomainContext (org.jboss.wsf.spi.security.SecurityDomainContext)1
