
Example 1 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project ddf by codice.

the class SecurityAssertionStore method getSecurityAssertion.

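/**
 * Return the SecurityAssertion wrapper associated with the provided message.
 *
 * <p>The SAML principal is taken from the message's {@link SecurityContext} or, failing that,
 * from the WSS4J processing results ({@code WSHandlerConstants.RECV_RESULTS}). When the token
 * store has no entry for the assertion's id, a {@link SecurityToken} is built from the
 * assertion's own IssueInstant / NotOnOrAfter (or a one-minute default when those are absent)
 * and added to the store. No signature or condition validation happens in this method; it
 * relies on whatever WS-Security processing produced the principal (presumably upstream).
 *
 * @param message Message, may be {@code null}
 * @return SecurityAssertion; an empty {@link SecurityAssertionImpl} when no token store or
 *     SAML token principal is available
 */
public static SecurityAssertion getSecurityAssertion(Message message) {
    if (message == null) {
        return new SecurityAssertionImpl();
    }
    TokenStore tokenStore = getTokenStore(message);
    SAMLTokenPrincipal principal = findSamlTokenPrincipal(message);
    if (tokenStore == null || principal == null) {
        return new SecurityAssertionImpl();
    }
    String id = principal.getId();
    SecurityToken token = tokenStore.getToken(id);
    if (token == null) {
        token = buildSecurityToken(id, principal.getToken());
        tokenStore.add(token);
    }
    return new SecurityAssertionImpl(token);
}

/**
 * Locate the {@link SAMLTokenPrincipal} for a message: the SecurityContext's user principal
 * when it is one, otherwise the first SAML principal found (in result order) in the WSS4J
 * handler results.
 *
 * @param message non-null Message
 * @return the SAML principal, or {@code null} if none is present
 */
private static SAMLTokenPrincipal findSamlTokenPrincipal(Message message) {
    SecurityContext context = message.get(SecurityContext.class);
    if (context != null) {
        Principal principal = context.getUserPrincipal();
        if (principal instanceof SAMLTokenPrincipal) {
            return (SAMLTokenPrincipal) principal;
        }
    }
    // Fall back to the WS-Security processing results; a non-List (or missing) value simply
    // means there is no SAML principal to find.
    Object recvResults = message.get(WSHandlerConstants.RECV_RESULTS);
    if (!(recvResults instanceof List)) {
        return null;
    }
    for (Object wsResult : (List<?>) recvResults) {
        if (!(wsResult instanceof WSHandlerResult)) {
            continue;
        }
        for (WSSecurityEngineResult wsseResult : ((WSHandlerResult) wsResult).getResults()) {
            Object principalResult = wsseResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
            if (principalResult instanceof SAMLTokenPrincipal) {
                return (SAMLTokenPrincipal) principalResult;
            }
        }
    }
    return null;
}

/**
 * Build a {@link SecurityToken} for an assertion that is not yet in the token store.
 *
 * <p>Validity is taken from the assertion's IssueInstant and Conditions/NotOnOrAfter when all
 * are present. Otherwise - including an assertion for which {@code getSaml2()} is
 * {@code null}, which previously caused a NullPointerException - the token gets a one-minute
 * window starting now.
 *
 * @param id token id taken from the SAML principal
 * @param assertion the wrapped assertion
 * @return a new token that the caller is expected to add to the store
 */
private static SecurityToken buildSecurityToken(String id, SamlAssertionWrapper assertion) {
    if (hasExplicitValidity(assertion)) {
        return new SecurityToken(id, assertion.getElement(),
                assertion.getSaml2().getIssueInstant().toDate(),
                assertion.getSaml2().getConditions().getNotOnOrAfter().toDate());
    }
    // we don't know how long this should last or when it was created, so just
    // set it to 1 minute
    // This shouldn't happen unless someone sets up a third party STS with weird
    // settings.
    Date now = new Date();
    return new SecurityToken(id, assertion.getElement(), now,
            new Date(now.getTime() + TimeUnit.MINUTES.toMillis(1)));
}

/**
 * Whether the assertion is SAML 2.0 and carries both an IssueInstant and a NotOnOrAfter
 * condition, i.e. enough to derive a token lifetime from the assertion itself.
 */
private static boolean hasExplicitValidity(SamlAssertionWrapper assertion) {
    return assertion.getSaml2() != null
            && assertion.getSaml2().getIssueInstant() != null
            && assertion.getSaml2().getConditions() != null
            && assertion.getSaml2().getConditions().getNotOnOrAfter() != null;
}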
Also used : SAMLTokenPrincipal(org.apache.wss4j.common.principal.SAMLTokenPrincipal) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSHandlerResult(org.apache.wss4j.dom.handler.WSHandlerResult) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) Date(java.util.Date) SecurityAssertionImpl(ddf.security.assertion.impl.SecurityAssertionImpl) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SecurityContext(org.apache.cxf.security.SecurityContext) TokenStore(org.apache.cxf.ws.security.tokenstore.TokenStore) SAMLTokenPrincipal(org.apache.wss4j.common.principal.SAMLTokenPrincipal) Principal(java.security.Principal)

Example 2 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

the class ClaimsAuthorizingInterceptor method handleMessage.

/**
 * Authorize the current invocation against the SAML claims carried by the message.
 *
 * <p>A message whose security context is not a {@link SAMLSecurityContext} is rejected
 * before the target method is even resolved; otherwise the resolved method is checked with
 * {@code authorize}.
 *
 * @param message the inbound message
 * @throws AccessDeniedException if the security context is missing/unrecognized, or the
 *     claims do not authorize the target method
 */
public void handleMessage(Message message) throws Fault {
    final SecurityContext securityContext = message.get(SecurityContext.class);
    if (securityContext instanceof SAMLSecurityContext) {
        final Method target = getTargetMethod(message);
        if (!authorize((SAMLSecurityContext) securityContext, target)) {
            throw new AccessDeniedException("Unauthorized");
        }
        return;
    }
    throw new AccessDeniedException("Security Context is unavailable or unrecognized");
}
Also used : AccessDeniedException(org.apache.cxf.interceptor.security.AccessDeniedException) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) Method(java.lang.reflect.Method)

Example 3 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

the class AbstractAuthFilter method createSecurityContext.

/**
 * Build a {@link SecurityContext} backed by the OAuth authorization info.
 *
 * <p>When {@code useUserSubject} is set and the token carries a subject, the principal and
 * roles come from that end-user subject; otherwise the login name comes from the client
 * application and the roles from the authorization info itself.
 *
 * @param request the current request; receives the {@code oauth_authorities} attribute
 * @param info the OAuth authorization info for this request
 * @return a security context exposing the resolved principal and role membership
 */
protected SecurityContext createSecurityContext(HttpServletRequest request, final OAuthInfo info) {
    // TODO:
    // This custom parameter is only needed by the "oauth"
    // demo shipped in the distribution; needs to be removed.
    request.setAttribute("oauth_authorities", info.getRoles());
    final UserSubject endUser = info.getToken().getSubject();
    return new SecurityContext() {

        public Principal getUserPrincipal() {
            final String login;
            if (AbstractAuthFilter.this.useUserSubject) {
                login = endUser == null ? null : endUser.getLogin();
            } else {
                login = info.getToken().getClient().getLoginName();
            }
            return new SimplePrincipal(login);
        }

        public boolean isUserInRole(String role) {
            // NOTE(review): assumes getRoles() never returns null on either path - confirm.
            final List<String> roles = AbstractAuthFilter.this.useUserSubject && endUser != null
                    ? endUser.getRoles()
                    : info.getRoles();
            return roles.contains(role);
        }
    };
}
Also used : UserSubject(org.apache.cxf.rs.security.oauth.data.UserSubject) SecurityContext(org.apache.cxf.security.SecurityContext) SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal)

Example 4 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

the class OAuthRequestFilter method setSecurityContext.

/**
 * Attach the OAuth-derived {@link SecurityContext} and {@code OAuthContext} to the message.
 *
 * @param mc the JAX-RS message context, used to reach the servlet request
 * @param m the CXF message being populated
 * @param info the OAuth authorization info for this request
 */
private void setSecurityContext(MessageContext mc, Message m, OAuthInfo info) {
    m.setContent(SecurityContext.class, createSecurityContext(mc.getHttpServletRequest(), info));
    m.setContent(OAuthContext.class, createOAuthContext(info));
}
Also used : SecurityContext(org.apache.cxf.security.SecurityContext)

Example 5 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

the class ClaimsAuthorizingInterceptorTest method prepareMessage.

/**
 * Build a test message carrying a {@link SAMLSecurityContext} for principal {@code user},
 * with roles derived from the given claims, plus the target resource method.
 *
 * @param cls class declaring the target resource method
 * @param methodName name of a no-argument method on {@code cls}
 * @param claim claims to place on the security context
 * @return a message ready to be handed to the interceptor under test
 * @throws Exception if the method cannot be resolved by reflection
 */
private Message prepareMessage(Class<?> cls, String methodName, org.apache.cxf.rt.security.claims.Claim... claim) throws Exception {
    final ClaimCollection claimCollection = new ClaimCollection();
    claimCollection.addAll(Arrays.asList(claim));
    final Set<Principal> roles = SAMLUtils.parseRolesFromClaims(
            claimCollection,
            SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT,
            SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
    final SecurityContext securityContext =
            new SAMLSecurityContext(new SimplePrincipal("user"), roles, claimCollection);
    final Message message = new MessageImpl();
    message.setExchange(new ExchangeImpl());
    message.put(SecurityContext.class, securityContext);
    // No-arg lookup: equivalent to passing an empty parameter-type array.
    message.put("org.apache.cxf.resource.method", cls.getMethod(methodName));
    return message;
}
Also used : Message(org.apache.cxf.message.Message) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) MessageImpl(org.apache.cxf.message.MessageImpl) SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal) Principal(java.security.Principal) SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal) ExchangeImpl(org.apache.cxf.message.ExchangeImpl)
