Examples with AuthorizationPolicy org.apache.cxf.configuration.security.AuthorizationPolicy used on opensource projects

Example 21 with AuthorizationPolicy

use of org.apache.cxf.configuration.security.AuthorizationPolicy in project cxf by apache.

the class HTTPSConduitTest method testHttpsTrust.

@Test
public void testHttpsTrust() throws Exception {
    startServer("Bethal");
    URL wsdl = getClass().getResource("greeting.wsdl");
    assertNotNull("WSDL is null", wsdl);
    SOAPService service = new SOAPService(wsdl, serviceName);
    assertNotNull("Service is null", service);
    Greeter bethal = service.getPort(bethalQ, Greeter.class);
    assertNotNull("Port is null", bethal);
    updateAddressPort(bethal, getPort("PORT4"));
    // Okay, I'm sick of configuration files.
    // This also tests dynamic configuration of the conduit.
    Client client = ClientProxy.getClient(bethal);
    HTTPConduit http = (HTTPConduit) client.getConduit();
    HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
    httpClientPolicy.setAutoRedirect(false);
    // If we set any name, but Edward, Mary, or George,
    // and a password of "password" we will get through
    // Bethal.
    AuthorizationPolicy authPolicy = new AuthorizationPolicy();
    authPolicy.setUserName("Betty");
    authPolicy.setPassword("password");
    http.setClient(httpClientPolicy);
    http.setTlsClientParameters(tlsClientParameters);
    http.setAuthorization(authPolicy);
    // Our expected server should be OU=Bethal
    http.setTrustDecider(new MyHttpsTrustDecider("Bethal"));
    configureProxy(client);
    String answer = bethal.sayHi();
    assertTrue("Unexpected answer: " + answer, "Bonjour from Bethal".equals(answer));
    assertProxyRequestCount(0);
    // Nobody will not equal OU=Bethal
    MyHttpsTrustDecider trustDecider = new MyHttpsTrustDecider("Nobody");
    http.setTrustDecider(trustDecider);
    try {
        answer = bethal.sayHi();
        fail("Unexpected answer from Bethal: " + answer);
    } catch (Exception e) {
    // e.printStackTrace();
    // assertTrue("Trust Decider was not called",
    // 0 > trustDecider.wasCalled());
    }
    assertProxyRequestCount(0);
}

Example 22 with AuthorizationPolicy

use of org.apache.cxf.configuration.security.AuthorizationPolicy in project cxf by apache.

the class JwtAuthenticationClientFilter method filter.

@Override
public void filter(ClientRequestContext requestContext) throws IOException {
    JwtToken jwt = getJwtToken(requestContext);
    if (jwt == null && super.isJweRequired()) {
        AuthorizationPolicy ap = JAXRSUtils.getCurrentMessage().getExchange().getEndpoint().getEndpointInfo().getExtensor(AuthorizationPolicy.class);
        if (ap != null && ap.getUserName() != null) {
            JwtClaims claims = new JwtClaims();
            claims.setSubject(ap.getUserName());
            claims.setClaim("password", ap.getPassword());
            claims.setIssuedAt(System.currentTimeMillis() / 1000L);
            jwt = new JwtToken(new JweHeaders(), claims);
        }
    }
    if (jwt == null) {
        throw new JoseException("JWT token is not available");
    }
    String data = super.processJwt(jwt);
    requestContext.getHeaders().putSingle(HttpHeaders.AUTHORIZATION, authScheme + " " + data);
}

Example 23 with AuthorizationPolicy

use of org.apache.cxf.configuration.security.AuthorizationPolicy in project cxf by apache.

the class AuthPolicyValidatingInterceptorTest method testValidateAuthorizationPolicy.

@Test
public void testValidateAuthorizationPolicy() throws Exception {
    AuthPolicyValidatingInterceptor in = new AuthPolicyValidatingInterceptor();
    TestSTSTokenValidator validator = new TestSTSTokenValidator();
    in.setValidator(validator);
    AuthorizationPolicy policy = new AuthorizationPolicy();
    policy.setUserName("bob");
    policy.setPassword("pswd");
    Message message = new MessageImpl();
    message.put(AuthorizationPolicy.class, policy);
    in.handleMessage(message);
    assertTrue(validator.isValidated());
}

Example 24 with AuthorizationPolicy

use of org.apache.cxf.configuration.security.AuthorizationPolicy in project cxf by apache.

the class ClientProxyFactoryBean method create.

/**
 * Creates a proxy object that can be used to make remote invocations.
 *
 * @return the proxy. You must cast the returned object to the appropriate class before using it.
 */
public synchronized Object create() {
    ClassLoaderHolder orig = null;
    try {
        if (getBus() != null) {
            ClassLoader loader = getBus().getExtension(ClassLoader.class);
            if (loader != null) {
                orig = ClassLoaderUtils.setThreadContextClassloader(loader);
            }
        }
        configureObject();
        if (properties == null) {
            properties = new HashMap<>();
        }
        if (username != null) {
            AuthorizationPolicy authPolicy = new AuthorizationPolicy();
            authPolicy.setUserName(username);
            authPolicy.setPassword(password);
            properties.put(AuthorizationPolicy.class.getName(), authPolicy);
        }
        initFeatures();
        clientFactoryBean.setProperties(properties);
        if (bus != null) {
            clientFactoryBean.setBus(bus);
        }
        if (dataBinding != null) {
            clientFactoryBean.setDataBinding(dataBinding);
        }
        Client c = clientFactoryBean.create();
        if (getInInterceptors() != null) {
            c.getInInterceptors().addAll(getInInterceptors());
        }
        if (getOutInterceptors() != null) {
            c.getOutInterceptors().addAll(getOutInterceptors());
        }
        if (getInFaultInterceptors() != null) {
            c.getInFaultInterceptors().addAll(getInFaultInterceptors());
        }
        if (getOutFaultInterceptors() != null) {
            c.getOutFaultInterceptors().addAll(getOutFaultInterceptors());
        }
        ClientProxy handler = clientClientProxy(c);
        Class<?>[] classes = getImplementingClasses();
        Object obj = ProxyHelper.getProxy(getClassLoader(clientFactoryBean.getServiceClass()), classes, handler);
        this.getServiceFactory().sendEvent(FactoryBeanListener.Event.PROXY_CREATED, classes, handler, obj);
        return obj;
    } finally {
        if (orig != null) {
            orig.reset();
        }
    }
}

Example 25 with AuthorizationPolicy

use of org.apache.cxf.configuration.security.AuthorizationPolicy in project cxf by apache.

the class NettyHttpDestinationTest method verifyRequestHeaders.

private void verifyRequestHeaders() throws Exception {
    Map<String, List<String>> requestHeaders = CastUtils.cast((Map<?, ?>) inMessage.get(Message.PROTOCOL_HEADERS));
    assertNotNull("expected request headers", requestHeaders);
    List<String> values = requestHeaders.get("content-type");
    assertNotNull("expected field", values);
    assertEquals("unexpected values", 2, values.size());
    assertTrue("expected value", values.contains("text/xml"));
    assertTrue("expected value", values.contains("charset=utf8"));
    values = requestHeaders.get(AUTH_HEADER);
    assertNotNull("expected field", values);
    assertEquals("unexpected values", 1, values.size());
    assertTrue("expected value", values.contains(BASIC_AUTH));
    AuthorizationPolicy authpolicy = inMessage.get(AuthorizationPolicy.class);
    assertNotNull("Expected some auth tokens", policy);
    assertEquals("expected user", USER, authpolicy.getUserName());
    assertEquals("expected passwd", PASSWD, authpolicy.getPassword());
}