Examples with UsernameToken org.apache.cxf.common.security.UsernameToken used on opensource projects

Search in sources :

Example 6 with UsernameToken

use of org.apache.cxf.common.security.UsernameToken in project testcases by coheigea.

the class SyncopeRolesInterceptor method handleMessage.

public void handleMessage(Message message) throws Fault {
    SecurityContext context = message.get(SecurityContext.class);
    if (context == null) {
        return;
    }
    Principal principal = context.getUserPrincipal();
    UsernameToken usernameToken = (UsernameToken) message.get(SecurityToken.class);
    if (principal == null || usernameToken == null || !principal.getName().equals(usernameToken.getName())) {
        return;
    }
    // Read the user from Syncope and get the roles
    WebClient client = WebClient.create(address, Collections.singletonList(new JacksonJsonProvider()));
    String authorizationHeader = "Basic " + Base64Utility.encode((usernameToken.getName() + ":" + usernameToken.getPassword()).getBytes());
    client.header("Authorization", authorizationHeader);
    client = client.path("users/self");
    UserTO user = null;
    try {
        user = client.get(UserTO.class);
        if (user == null) {
            Exception exception = new Exception("Authentication failed");
            throw new Fault(exception);
        }
    } catch (RuntimeException ex) {
        if (log.isDebugEnabled()) {
            log.debug(ex.getMessage(), ex);
        }
        throw new Fault(ex);
    }
    // Now get the roles
    List<MembershipTO> membershipList = user.getMemberships();
    Subject subject = new Subject();
    subject.getPrincipals().add(principal);
    for (MembershipTO membership : membershipList) {
        String roleName = membership.getGroupName();
        subject.getPrincipals().add(new SimpleGroup(roleName, usernameToken.getName()));
    }
    subject.setReadOnly();
    message.put(SecurityContext.class, new DefaultSecurityContext(principal, subject));
}
Also used : DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) JacksonJsonProvider(com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider) UsernameToken(org.apache.cxf.common.security.UsernameToken) SimpleGroup(org.apache.cxf.common.security.SimpleGroup) Fault(org.apache.cxf.interceptor.Fault) WebClient(org.apache.cxf.jaxrs.client.WebClient) Subject(javax.security.auth.Subject) SecurityToken(org.apache.cxf.common.security.SecurityToken) UserTO(org.apache.syncope.common.lib.to.UserTO) MembershipTO(org.apache.syncope.common.lib.to.MembershipTO) SecurityContext(org.apache.cxf.security.SecurityContext) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) Principal(java.security.Principal)

Example 7 with UsernameToken

use of org.apache.cxf.common.security.UsernameToken in project jbossws-cxf by jbossws.

the class SubjectCreatingInterceptor method handleMessage.

@Override
public void handleMessage(SoapMessage msg) throws Fault {
    Endpoint ep = msg.getExchange().get(Endpoint.class);
    sdc.set(ep.getSecurityDomainContext());
    try {
        SecurityToken token = msg.get(SecurityToken.class);
        SecurityContext context = msg.get(SecurityContext.class);
        if (token == null || context == null || context.getUserPrincipal() == null) {
            super.handleMessage(msg);
            return;
        }
        UsernameToken ut = (UsernameToken) token;
        Subject subject = createSubject(ut.getName(), ut.getPassword(), ut.isHashed(), ut.getNonce(), ut.getCreatedTime());
        SecurityContext sc = doCreateSecurityContext(context.getUserPrincipal(), subject);
        msg.put(SecurityContext.class, sc);
    } finally {
        if (sdc != null) {
            sdc.remove();
        }
    }
}
Also used : SecurityToken(org.apache.cxf.common.security.SecurityToken) Endpoint(org.jboss.wsf.spi.deployment.Endpoint) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) UsernameToken(org.apache.cxf.common.security.UsernameToken) Subject(javax.security.auth.Subject)

Example 8 with UsernameToken

use of org.apache.cxf.common.security.UsernameToken in project jbossws-cxf by jbossws.

the class SubjectCreatingPolicyInterceptor method handleMessage.

@Override
public void handleMessage(Message message) throws Fault {
    Endpoint ep = message.getExchange().get(Endpoint.class);
    SecurityDomainContext sdc = ep.getSecurityDomainContext();
    SecurityContext context = message.get(SecurityContext.class);
    if (context == null || context.getUserPrincipal() == null) {
        Loggers.SECURITY_LOGGER.userPrincipalNotAvailableOnCurrentMessage();
        return;
    }
    SecurityToken token = message.get(SecurityToken.class);
    Subject subject = null;
    if (token != null) {
        // Try authenticating using SecurityToken info
        if (token.getTokenType() != TokenType.UsernameToken) {
            throw Messages.MESSAGES.unsupportedTokenType(token.getTokenType());
        }
        UsernameToken ut = (UsernameToken) token;
        subject = createSubject(sdc, ut.getName(), ut.getPassword(), ut.isHashed(), ut.getNonce(), ut.getCreatedTime());
    } else {
        // Try authenticating using WSS4J internal info (previously set into SecurityContext by WSS4JInInterceptor)
        Principal p = context.getUserPrincipal();
        if (!(p instanceof UsernameTokenPrincipal)) {
            throw Messages.MESSAGES.couldNotGetSubjectInfo();
        }
        UsernameTokenPrincipal up = (UsernameTokenPrincipal) p;
        subject = createSubject(sdc, up.getName(), up.getPassword(), up.isPasswordDigest(), up.getNonce(), up.getCreatedTime());
    }
    Principal principal = getPrincipal(context.getUserPrincipal(), subject);
    message.put(SecurityContext.class, createSecurityContext(principal, subject));
}
Also used : SecurityToken(org.apache.cxf.common.security.SecurityToken) Endpoint(org.jboss.wsf.spi.deployment.Endpoint) UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal) SecurityContext(org.apache.cxf.security.SecurityContext) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) UsernameToken(org.apache.cxf.common.security.UsernameToken) SecurityDomainContext(org.jboss.wsf.spi.security.SecurityDomainContext) Subject(javax.security.auth.Subject) Principal(java.security.Principal) UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)

Aggregations

UsernameToken (org.apache.cxf.common.security.UsernameToken)8 SecurityToken (org.apache.cxf.common.security.SecurityToken)6 Subject (javax.security.auth.Subject)5 SecurityContext (org.apache.cxf.security.SecurityContext)5 DefaultSecurityContext (org.apache.cxf.interceptor.security.DefaultSecurityContext)4 Principal (java.security.Principal)3 UsernameTokenPrincipal (org.apache.wss4j.common.principal.UsernameTokenPrincipal)3 Endpoint (org.jboss.wsf.spi.deployment.Endpoint)2 JacksonJsonProvider (com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider)1 SimpleGroup (org.apache.cxf.common.security.SimpleGroup)1 Fault (org.apache.cxf.interceptor.Fault)1 NameDigestPasswordCallbackHandler (org.apache.cxf.interceptor.security.NameDigestPasswordCallbackHandler)1 NamePasswordCallbackHandler (org.apache.cxf.interceptor.security.NamePasswordCallbackHandler)1 WebClient (org.apache.cxf.jaxrs.client.WebClient)1 MembershipTO (org.apache.syncope.common.lib.to.MembershipTO)1 UserTO (org.apache.syncope.common.lib.to.UserTO)1 JBossAuthenticationManager (org.jboss.security.plugins.JBossAuthenticationManager)1 SecurityDomainContext (org.jboss.wsf.spi.security.SecurityDomainContext)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial