
Example 1 with DefaultSecurityContext

Use of org.apache.cxf.interceptor.security.DefaultSecurityContext in project OpenAM by OpenRock.

From the class OpenAMSessionTokenServerInterceptor, method processToken.

/**
 * This method is called in-bound on the server-side - validate-request in JASPI terms. The method must validate the
 * OpenAM session id with OpenAM, and, if validation is successful, populate the wss4j results with state corresponding
 * to the token validation. It will also assert the relevant tokens, which means affirm that the assertions corresponding
 * to the OpenAMSessionToken have been successfully fulfilled.
 * @param message The message encapsulating the soap invocation.
 * @throws Fault if the OpenAM session in the BinarySecurityToken is invalid.
 */
@Override
protected void processToken(SoapMessage message) throws Fault {
    Header header = findSecurityHeader(message, false);
    if (header == null) {
        return;
    }
    Element el = (Element) header.getObject();
    Element child = DOMUtils.getFirstElement(el);
    while (child != null) {
        if (WSConstants.BINARY_TOKEN_LN.equals(child.getLocalName())
                && WSConstants.WSSE_NS.equals(child.getNamespaceURI())
                && AMSTSConstants.AM_SESSION_TOKEN_ASSERTION_BST_VALUE_TYPE.equals(child.getAttribute("ValueType"))) {
            try {
                List<WSSecurityEngineResult> validationResults = validateToken(child);
                if (validationResults != null) {
                    List<WSHandlerResult> results = CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
                    if (results == null) {
                        results = new ArrayList<WSHandlerResult>();
                        message.put(WSHandlerConstants.RECV_RESULTS, results);
                    }
                    WSHandlerResult rResult = new WSHandlerResult(null, validationResults);
                    results.add(0, rResult);
                    assertTokens(message);
                    Principal principal = (Principal) validationResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
                    message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, principal);
                    SecurityContext sc = message.get(SecurityContext.class);
                    if (sc == null || sc.getUserPrincipal() == null) {
                        message.put(SecurityContext.class, new DefaultSecurityContext(principal, null));
                    }
                }
            } catch (WSSecurityException ex) {
                throw new Fault(ex);
            }
        }
        child = DOMUtils.getNextElement(child);
    }
}
Also used: DefaultSecurityContext (org.apache.cxf.interceptor.security.DefaultSecurityContext), Header (org.apache.cxf.headers.Header), Element (org.w3c.dom.Element), SecurityContext (org.apache.cxf.security.SecurityContext), WSSecurityException (org.apache.ws.security.WSSecurityException), Fault (org.apache.cxf.interceptor.Fault), WSSecurityEngineResult (org.apache.ws.security.WSSecurityEngineResult), WSHandlerResult (org.apache.ws.security.handler.WSHandlerResult), Principal (java.security.Principal)

Aggregations

Principal (java.security.Principal): 1, Header (org.apache.cxf.headers.Header): 1, Fault (org.apache.cxf.interceptor.Fault): 1, DefaultSecurityContext (org.apache.cxf.interceptor.security.DefaultSecurityContext): 1, SecurityContext (org.apache.cxf.security.SecurityContext): 1, WSSecurityEngineResult (org.apache.ws.security.WSSecurityEngineResult): 1, WSSecurityException (org.apache.ws.security.WSSecurityException): 1, WSHandlerResult (org.apache.ws.security.handler.WSHandlerResult): 1, Element (org.w3c.dom.Element): 1