
Example 51 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

the class Saml2BearerGrantHandler method getGrantSubject.

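/**
 * Builds the OAuth2 {@code UserSubject} that a SAML2 bearer grant resolves to.
 *
 * The identity is taken from the {@link SecurityContext} the configured
 * {@code scProvider} derives from the assertion. When that context is a
 * {@link SAMLSecurityContext}, the subject also carries the role names and the
 * claims exposed by that context; otherwise only the principal name is kept.
 *
 * @param message the current CXF message
 * @param wrapper the SAML assertion the grant was presented with
 * @return the subject the grant is issued for; never {@code null}
 * @throws IllegalStateException if the provider yields no security context or
 *         no user principal (the original code failed on this path with a bare
 *         NullPointerException; the failure is kept but made explicit so it cannot
 *         be mistaken for a programming error elsewhere)
 */
protected UserSubject getGrantSubject(Message message, SamlAssertionWrapper wrapper) {
    SecurityContext sc = scProvider.getSecurityContext(message, wrapper);
    // Fail closed: with no context or principal there is no authenticated identity
    // to bind the grant to, so never fall through to an empty or anonymous subject.
    if (sc == null || sc.getUserPrincipal() == null) {
        throw new IllegalStateException("No user principal could be established from the SAML assertion");
    }
    if (sc instanceof SAMLSecurityContext) {
        SAMLSecurityContext samlSc = (SAMLSecurityContext) sc;
        List<String> roles = new ArrayList<>();
        Set<Principal> rolePrincipals = samlSc.getUserRoles();
        if (rolePrincipals != null) {
            for (Principal role : rolePrincipals) {
                roles.add(role.getName());
            }
        }
        return new SamlUserSubject(samlSc.getUserPrincipal().getName(), roles, samlSc.getClaims());
    }
    return new UserSubject(sc.getUserPrincipal().getName());
}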
Also used : UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) ArrayList(java.util.ArrayList) Principal(java.security.Principal)

Example 52 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

the class AbstractUsernameTokenAuthenticatingInterceptor method handleMessage.

/**
 * Replaces the message's {@link SecurityContext} with one backed by a JAAS
 * {@link Subject} built from the received UsernameToken.
 *
 * The interceptor only acts when a {@link SecurityToken} is present AND an
 * existing context with a non-null principal is already on the message; in every
 * other case the parent implementation is invoked unchanged. Only UsernameTokens
 * are supported here: any other token type fails the cast (fail closed).
 *
 * @param msg the inbound SOAP message
 * @throws Fault propagated from the parent or from subject creation
 */
@Override
public void handleMessage(SoapMessage msg) throws Fault {
    SecurityToken token = msg.get(SecurityToken.class);
    SecurityContext existing = msg.get(SecurityContext.class);
    boolean alreadyAuthenticated = token != null
        && existing != null
        && existing.getUserPrincipal() != null;
    if (!alreadyAuthenticated) {
        super.handleMessage(msg);
        return;
    }
    UsernameToken usernameToken = (UsernameToken) token;
    // The password (possibly digested, with nonce/created) is handed straight to
    // createSubject; it is never logged or stored here.
    Subject subject = createSubject(usernameToken.getName(),
                                    usernameToken.getPassword(),
                                    usernameToken.isHashed(),
                                    usernameToken.getNonce(),
                                    usernameToken.getCreatedTime());
    msg.put(SecurityContext.class, doCreateSecurityContext(existing.getUserPrincipal(), subject));
}
Also used : SecurityToken(org.apache.cxf.common.security.SecurityToken) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) UsernameToken(org.apache.cxf.common.security.UsernameToken) Subject(javax.security.auth.Subject)

Example 53 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

the class DefaultWSS4JSecurityContextCreator method createSecurityContext.

/**
 * Derive a {@link SecurityContext} from the WSS4J processing results and store
 * it on the message.
 *
 * Result actions are visited in {@code securityPriorities} order (highest
 * priority first) and the first one that yields a non-null context wins.
 * Two actions are opt-in: principals from unsigned SAML assertions and from
 * UsernameTokens without a password are skipped unless the corresponding
 * {@code SecurityConstants} property is set to {@code true} (both default to
 * {@code false}). Whether the context is built from the JAAS Subject is governed
 * by {@code SC_FROM_JAAS_SUBJECT}, which defaults to {@code true}; any value other
 * than a case-insensitive "true" turns it off.
 *
 * @param msg the inbound SOAP message the context is attached to
 * @param handlerResult the WSS4J results for this message
 */
public void createSecurityContext(SoapMessage msg, WSHandlerResult handlerResult) {
    final boolean unsignedSamlAllowed = SecurityUtils.getSecurityPropertyBoolean(
        SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, msg, false);
    final boolean utNoPasswordAllowed = SecurityUtils.getSecurityPropertyBoolean(
        SecurityConstants.ENABLE_UT_NOPASSWORD_PRINCIPAL, msg, false);
    final String jaasSubjectProp = (String) SecurityUtils.getSecurityPropertyValue(
        SecurityConstants.SC_FROM_JAAS_SUBJECT, msg);
    final boolean useJAASSubject = jaasSubjectProp == null || Boolean.parseBoolean(jaasSubjectProp);

    Map<Integer, List<WSSecurityEngineResult>> actionResults = handlerResult.getActionResults();
    for (Integer priority : securityPriorities) {
        // Opt-in actions are ignored entirely unless explicitly enabled.
        boolean optInActionDisabled = (priority == WSConstants.ST_UNSIGNED && !unsignedSamlAllowed)
            || (priority == WSConstants.UT_NOPASSWORD && !utNoPasswordAllowed);
        if (optInActionDisabled) {
            continue;
        }
        List<WSSecurityEngineResult> candidates = actionResults.get(priority);
        if (candidates == null || candidates.isEmpty()) {
            continue;
        }
        for (WSSecurityEngineResult candidate : candidates) {
            if (skipResult(priority, candidate)) {
                continue;
            }
            SecurityContext context = createSecurityContext(msg, useJAASSubject, candidate);
            if (context != null) {
                // First usable result wins; lower-priority results are never consulted.
                msg.put(SecurityContext.class, context);
                return;
            }
        }
    }
}
Also used : SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) ArrayList(java.util.ArrayList) List(java.util.List) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult)

Example 54 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

the class BinarySecurityTokenInterceptor method processToken.

/**
 * Processes every {@code wsse:BinarySecurityToken} child of the WS-Security
 * header, records the results under {@code RECV_RESULTS}, asserts the
 * corresponding policy tokens and, if the message has no principal yet, installs
 * a {@link DefaultSecurityContext} for the token's principal.
 *
 * An existing context with a non-null principal is never replaced. Any
 * {@link WSSecurityException} raised while processing a token is converted into a
 * SOAP fault.
 *
 * @param message the inbound SOAP message
 */
protected void processToken(SoapMessage message) {
    Header securityHeader = findSecurityHeader(message, false);
    if (securityHeader == null) {
        return;
    }
    Element headerElement = (Element) securityHeader.getObject();
    for (Element tokenElement = DOMUtils.getFirstElement(headerElement);
         tokenElement != null;
         tokenElement = DOMUtils.getNextElement(tokenElement)) {
        boolean isBinarySecurityToken = WSS4JConstants.WSSE_NS.equals(tokenElement.getNamespaceURI())
            && WSS4JConstants.BINARY_TOKEN_LN.equals(tokenElement.getLocalName());
        if (!isBinarySecurityToken) {
            continue;
        }
        try {
            List<WSSecurityEngineResult> bstResults = processToken(tokenElement, message);
            if (bstResults == null) {
                continue;
            }
            List<WSHandlerResult> allResults =
                CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
            if (allResults == null) {
                allResults = new ArrayList<>();
                message.put(WSHandlerConstants.RECV_RESULTS, allResults);
            }
            // Prepended rather than appended: readers of RECV_RESULTS see this token first.
            allResults.add(0, new WSHandlerResult(null, bstResults,
                                                  Collections.singletonMap(WSConstants.BST, bstResults)));
            assertTokens(message);
            Principal tokenPrincipal =
                (Principal) bstResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
            SecurityContext existing = message.get(SecurityContext.class);
            // Only fill in a missing principal; never displace one established earlier.
            if (existing == null || existing.getUserPrincipal() == null) {
                message.put(SecurityContext.class, new DefaultSecurityContext(tokenPrincipal, null));
            }
        } catch (WSSecurityException ex) {
            throw WSS4JUtils.createSoapFault(message, message.getVersion(), ex);
        }
    }
}
Also used : DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) Header(org.apache.cxf.headers.Header) Element(org.w3c.dom.Element) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) WSHandlerResult(org.apache.wss4j.dom.handler.WSHandlerResult) Principal(java.security.Principal)

Example 55 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

the class JwsContainerRequestFilter method filter.

/**
 * Verifies a JWS compact-serialized request body and replaces the entity with
 * the verified payload.
 *
 * Requests whose method carries no content, or (when empty-stream checking is on)
 * that have no entity, pass through untouched, as does an empty body. If the
 * signature does not verify, the request is aborted with a 400 before the payload
 * is decoded or the entity stream is touched. On success the entity stream,
 * {@code Content-Length} and (when the JWS header supplies one) {@code Content-Type}
 * are replaced, HTTP headers are optionally validated against the JWS headers,
 * and a {@link SecurityContext} derived from the verifier is installed on the
 * current message only if the request has no named principal yet.
 *
 * @param context the JAX-RS request context
 * @throws IOException if the entity stream cannot be read
 */
@Override
public void filter(ContainerRequestContext context) throws IOException {
    if (isMethodWithNoContent(context.getMethod())
        || (isCheckEmptyStream() && !context.hasEntity())) {
        return;
    }
    final String compactJws = IOUtils.readStringFromStream(context.getEntityStream());
    if (StringUtils.isEmpty(compactJws)) {
        return;
    }
    JwsCompactConsumer consumer = new JwsCompactConsumer(compactJws);
    JwsSignatureVerifier verifier = getInitializedSigVerifier(consumer.getJwsHeaders());
    // Verify before anything from the body is trusted; an invalid signature
    // short-circuits the request with a 400.
    if (!consumer.verifySignatureWith(verifier)) {
        context.abortWith(JAXRSUtils.toResponse(400));
        return;
    }
    JoseUtils.validateRequestContextProperty(consumer.getJwsHeaders());
    byte[] payload = consumer.getDecodedJwsPayloadBytes();
    context.setEntityStream(new ByteArrayInputStream(payload));
    context.getHeaders().putSingle("Content-Length", Integer.toString(payload.length));
    String contentType = JoseUtils.checkContentType(consumer.getJwsHeaders().getContentType(),
                                                    getDefaultMediaType());
    if (contentType != null) {
        context.getHeaders().putSingle("Content-Type", contentType);
    }
    if (super.isValidateHttpHeaders()) {
        super.validateHttpHeadersIfNeeded(context.getHeaders(), consumer.getJwsHeaders());
    }
    // A principal already present (with a name) is left alone; the verifier-derived
    // context is only installed when none has been established.
    Principal existingPrincipal = context.getSecurityContext().getUserPrincipal();
    boolean hasNamedPrincipal = existingPrincipal != null && existingPrincipal.getName() != null;
    if (!hasNamedPrincipal) {
        SecurityContext derived = configureSecurityContext(verifier);
        if (derived != null) {
            JAXRSUtils.getCurrentMessage().put(SecurityContext.class, derived);
        }
    }
}
Also used : PublicKeyJwsSignatureVerifier(org.apache.cxf.rs.security.jose.jws.PublicKeyJwsSignatureVerifier) JwsSignatureVerifier(org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier) ByteArrayInputStream(java.io.ByteArrayInputStream) JwsCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer) SecurityContext(org.apache.cxf.security.SecurityContext) Principal(java.security.Principal)

Aggregations

SecurityContext (org.apache.cxf.security.SecurityContext)76 Principal (java.security.Principal)26 Message (org.apache.cxf.message.Message)16 Subject (javax.security.auth.Subject)13 WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)12 DefaultSecurityContext (org.apache.cxf.interceptor.security.DefaultSecurityContext)11 SimplePrincipal (org.apache.cxf.common.security.SimplePrincipal)10 Test (org.junit.Test)10 SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext)9 WSHandlerResult (org.apache.wss4j.dom.handler.WSHandlerResult)9 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)8 LoginSecurityContext (org.apache.cxf.security.LoginSecurityContext)7 ArrayList (java.util.ArrayList)6 QName (javax.xml.namespace.QName)6 SecurityToken (org.apache.cxf.common.security.SecurityToken)6 HashMap (java.util.HashMap)5 MessageImpl (org.apache.cxf.message.MessageImpl)5 UserSubject (org.apache.cxf.rs.security.oauth2.common.UserSubject)5 Element (org.w3c.dom.Element)5 Method (java.lang.reflect.Method)4