
Example 71 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

the class CustomWSS4JSecurityContextCreator method createSecurityContext.

/**
 * Builds a {@link SAMLSecurityContext} from the WS-Security processing results and stores it
 * on the message under {@code SecurityContext.class}.
 *
 * <p>The user principal is taken from the first signature result ({@code WSConstants.SIGN})
 * that carries a public key or X.509 certificate and yields a non-null principal. Roles and
 * claims are taken from the first signed SAML result ({@code WSConstants.ST_SIGNED}) that
 * holds a {@link SamlAssertionWrapper}. If either half is missing, nothing is stored and any
 * context already on the message is left as it was.
 *
 * @param msg the SOAP message that receives the security context
 * @param handlerResult the WSS4J results, grouped by action
 */
public void createSecurityContext(SoapMessage msg, WSHandlerResult handlerResult) {
    final Map<Integer, List<WSSecurityEngineResult>> resultsByAction = handlerResult.getActionResults();

    // Step 1: identity comes from the asymmetric signature, not from the assertion.
    Principal asymmetricPrincipal = null;
    final List<WSSecurityEngineResult> signatureResults = resultsByAction.get(WSConstants.SIGN);
    if (signatureResults != null) {
        for (WSSecurityEngineResult signatureResult : signatureResults) {
            PublicKey signingKey = (PublicKey) signatureResult.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
            X509Certificate signingCert =
                (X509Certificate) signatureResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
            // Results with neither a key nor a certificate are not asymmetric signatures; skip them.
            if (signingKey != null || signingCert != null) {
                SecurityContext signerContext = createSecurityContext(msg, true, signatureResult);
                if (signerContext != null && signerContext.getUserPrincipal() != null) {
                    asymmetricPrincipal = signerContext.getUserPrincipal();
                    break;
                }
            }
        }
    }
    // Without a signer principal no context is created at all.
    if (asymmetricPrincipal == null) {
        return;
    }

    // Step 2: roles and claims come from the signed SAML assertion.
    final List<WSSecurityEngineResult> samlResults = resultsByAction.get(WSConstants.ST_SIGNED);
    if (samlResults == null) {
        return;
    }
    for (WSSecurityEngineResult samlResult : samlResults) {
        // Prefer the transformed token; fall back to the assertion as received.
        Object assertion = samlResult.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
        if (assertion == null) {
            assertion = samlResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        }
        if (!(assertion instanceof SamlAssertionWrapper)) {
            continue;
        }
        String roleAttributeName =
            (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
        if (roleAttributeName == null || roleAttributeName.isEmpty()) {
            roleAttributeName = WSS4JInInterceptor.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
        }
        ClaimCollection claims = SAMLUtils.getClaims((SamlAssertionWrapper) assertion);
        Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null);
        // NOTE(review): the signer's principal is paired with this assertion's roles and claims, and
        // nothing visible here compares the assertion's subject or confirmation key with the signing
        // key. Confirm that binding is enforced before this method runs.
        SAMLSecurityContext samlContext = new SAMLSecurityContext(asymmetricPrincipal, roles, claims);
        samlContext.setIssuer(SAMLUtils.getIssuer(assertion));
        samlContext.setAssertionElement(SAMLUtils.getAssertionElement(assertion));
        msg.put(SecurityContext.class, samlContext);
        return;
    }
}
Also used : PublicKey(java.security.PublicKey) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) X509Certificate(java.security.cert.X509Certificate) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) List(java.util.List) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) Principal(java.security.Principal)

Example 72 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project tesb-rt-se by Talend.

the class SecurityContextFilter method setNewSecurityContext.

/**
 * Stores a {@link SecurityContext} for {@code user} on the message under
 * {@code SecurityContext.class}.
 *
 * <p>The context carries an identity only: {@code isUserInRole} answers {@code false} for
 * every role, so role-based checks against this context always deny.
 *
 * @param message the message that receives the context
 * @param user the name to expose as the user principal
 */
private void setNewSecurityContext(Message message, final String user) {
    message.put(SecurityContext.class, new SecurityContext() {

        public Principal getUserPrincipal() {
            // A fresh principal object is created on each call.
            return new SimplePrincipal(user);
        }

        public boolean isUserInRole(String role) {
            // No role information is available for this user.
            return false;
        }
    });
}
Also used : SecurityContext(org.apache.cxf.security.SecurityContext) SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal)

Example 73 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project tesb-rt-se by Talend.

the class SecurityContextFilter method filter.

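/**
 * Authenticates the current request with HTTP Basic credentials unless an earlier step has
 * already established a known user.
 *
 * <p>If the message already holds a {@link SecurityContext} whose principal name is a key of
 * {@code users}, the request passes unchanged. Otherwise exactly one {@code Authorization}
 * header of the form {@code Basic <base64(user:password)>} is required; any malformed or
 * non-matching input aborts the request with {@code createFaultResponse()}. On success a new
 * context naming the user, with no roles, is stored on the message.
 *
 * <p>NOTE(review): {@code users} is compared directly against the supplied password, so it
 * appears to hold passwords in clear text. Storing salted password hashes would limit the
 * impact of a leaked user store. Basic credentials are only base64-encoded, so this filter
 * should sit behind TLS.
 *
 * @param requestContext the request being filtered; aborted when authentication fails
 * @throws IOException declared by the filter contract
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    Message message = JAXRSUtils.getCurrentMessage();
    // A context installed earlier in the chain is accepted as-is when it names a configured user.
    SecurityContext sc = message.get(SecurityContext.class);
    if (sc != null) {
        Principal principal = sc.getUserPrincipal();
        if (principal != null && users.containsKey(principal.getName())) {
            return;
        }
    }
    List<String> authValues = headers.getRequestHeader("Authorization");
    if (authValues == null || authValues.size() != 1) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    String[] values = authValues.get(0).split(" ");
    // Authentication scheme names are case-insensitive, so "basic" must be accepted too.
    if (values.length != 2 || !"Basic".equalsIgnoreCase(values[0])) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    String decodedValue;
    try {
        // Decode with an explicit charset; the platform default varies between hosts.
        decodedValue = new String(Base64Utility.decode(values[1]), java.nio.charset.StandardCharsets.UTF_8);
    } catch (Base64Exception ex) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    // Split on the FIRST colon only: the user-id cannot contain ':' but the password may.
    int separator = decodedValue.indexOf(':');
    // A missing separator or an empty password is rejected.
    if (separator < 0 || separator == decodedValue.length() - 1) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    final String userName = decodedValue.substring(0, separator);
    String suppliedPassword = decodedValue.substring(separator + 1);
    String password = users.get(userName);
    // MessageDigest.isEqual compares in time independent of where the first mismatch occurs,
    // unlike String.equals, which returns at the first differing character.
    if (password == null
        || !java.security.MessageDigest.isEqual(
            password.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            suppliedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    final SecurityContext newSc = new SecurityContext() {

        public Principal getUserPrincipal() {
            return new SimplePrincipal(userName);
        }

        public boolean isUserInRole(String role) {
            // Identity only: this context grants no roles.
            return false;
        }
    };
    message.put(SecurityContext.class, newSc);
}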
Also used : Message(org.apache.cxf.message.Message) Base64Exception(org.apache.cxf.common.util.Base64Exception) SecurityContext(org.apache.cxf.security.SecurityContext) SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal) Principal(java.security.Principal) SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal)

Example 74 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project tesb-rt-se by Talend.

the class MessageToEventMapperTest method getTestMessage.

/**
 * Builds the message fixture used by the mapper tests: a SOAP 1.2 service model with one
 * operation, an endpoint on the thread-default bus, a flow id, a security context, a cached
 * payload and one custom-info entry.
 *
 * @return the populated message
 * @throws IOException if the payload cannot be encoded or copied
 * @throws EndpointException if the endpoint cannot be created
 */
private Message getTestMessage() throws IOException, EndpointException {
    // Service model: interface, SOAP 1.2 binding and a single operation.
    ServiceInfo svcInfo = new ServiceInfo();
    svcInfo.setInterface(new InterfaceInfo(svcInfo, new QName("interfaceNs", "interfaceName")));
    SoapBindingInfo soapBindingInfo = new SoapBindingInfo(svcInfo, WSDLConstants.NS_SOAP12);
    soapBindingInfo.setTransportURI(TransportType);
    OperationInfo operation = new OperationInfo();
    operation.setName(new QName("namespace", "opName"));

    // Exchange: binding metadata first, then the endpoint.
    ExchangeImpl testExchange = new ExchangeImpl();
    testExchange.put(BindingOperationInfo.class, new BindingOperationInfo(soapBindingInfo, operation));
    testExchange.put(Binding.class, new SoapBinding(soapBindingInfo));
    EndpointInfo endpointInfo = new EndpointInfo(svcInfo, "ns");
    endpointInfo.setAddress(Address);
    Service testService = new ServiceImpl();
    Bus defaultBus = BusFactory.getThreadDefaultBus();
    testExchange.put(Endpoint.class, new EndpointImpl(defaultBus, testService, endpointInfo));

    Message testMessage = new MessageImpl();
    testMessage.setExchange(testExchange);
    FlowIdHelper.setFlowId(testMessage, FlowID);

    // Security context: an X.500 principal paired with an empty Subject.
    Principal testPrincipal = new X500Principal(PrincipalString);
    testMessage.put(SecurityContext.class, new DefaultSecurityContext(testPrincipal, new Subject()));

    // Payload is attached as a CachedOutputStream holding the UTF-8 bytes of TESTCONTENT.
    CachedOutputStream cachedBody = new CachedOutputStream();
    IOUtils.copy(new ByteArrayInputStream(TESTCONTENT.getBytes("UTF-8")), cachedBody);
    testMessage.setContent(CachedOutputStream.class, cachedBody);

    CustomInfo.getOrCreateCustomInfo(testMessage).put("key1", "value1");
    return testMessage;
}
Also used : BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo) OperationInfo(org.apache.cxf.service.model.OperationInfo) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo) Message(org.apache.cxf.message.Message) CachedOutputStream(org.apache.cxf.io.CachedOutputStream) ServiceInfo(org.apache.cxf.service.model.ServiceInfo) EndpointInfo(org.apache.cxf.service.model.EndpointInfo) Endpoint(org.apache.cxf.endpoint.Endpoint) CustomInfo(org.talend.esb.sam.agent.message.CustomInfo) Bus(org.apache.cxf.Bus) QName(javax.xml.namespace.QName) ServiceImpl(org.apache.cxf.service.ServiceImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) EndpointImpl(org.apache.cxf.endpoint.EndpointImpl) Service(org.apache.cxf.service.Service) SoapBinding(org.apache.cxf.binding.soap.SoapBinding) Subject(javax.security.auth.Subject) ByteArrayInputStream(java.io.ByteArrayInputStream) SoapBindingInfo(org.apache.cxf.binding.soap.model.SoapBindingInfo) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) X500Principal(javax.security.auth.x500.X500Principal) InterfaceInfo(org.apache.cxf.service.model.InterfaceInfo) MessageImpl(org.apache.cxf.message.MessageImpl) ExchangeImpl(org.apache.cxf.message.ExchangeImpl) X500Principal(javax.security.auth.x500.X500Principal) Principal(java.security.Principal)

Example 75 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project jbossws-cxf by jbossws.

the class SubjectCreatingInterceptor method handleMessage.

/**
 * Replaces the message's security context with one backed by a {@link Subject} created from
 * the username token, when both a token and an authenticated context are present.
 *
 * <p>If the message has no {@link SecurityToken}, no {@link SecurityContext}, or a context
 * without a user principal, handling is delegated to the superclass. The endpoint's security
 * domain context is published through {@code sdc} for the duration of the call and removed
 * afterwards.
 *
 * @param msg the inbound SOAP message
 * @throws Fault declared by the interceptor contract
 */
@Override
public void handleMessage(SoapMessage msg) throws Fault {
    Endpoint endpoint = msg.getExchange().get(Endpoint.class);
    sdc.set(endpoint.getSecurityDomainContext());
    try {
        SecurityToken securityToken = msg.get(SecurityToken.class);
        SecurityContext existing = msg.get(SecurityContext.class);
        boolean hasAuthenticatedToken =
            securityToken != null && existing != null && existing.getUserPrincipal() != null;
        if (hasAuthenticatedToken) {
            // NOTE(review): the cast assumes every token that arrives with an authenticated
            // context is a UsernameToken; any other SecurityToken type raises
            // ClassCastException here. Confirm only username tokens reach this interceptor.
            UsernameToken usernameToken = (UsernameToken) securityToken;
            Subject subject = createSubject(
                usernameToken.getName(),
                usernameToken.getPassword(),
                usernameToken.isHashed(),
                usernameToken.getNonce(),
                usernameToken.getCreatedTime());
            // The principal of the existing context is kept; only the Subject behind it changes.
            msg.put(SecurityContext.class, doCreateSecurityContext(existing.getUserPrincipal(), subject));
        } else {
            super.handleMessage(msg);
        }
    } finally {
        // Always clear the per-call security domain so it cannot carry over to a later request.
        if (sdc != null) {
            sdc.remove();
        }
    }
}
Also used : SecurityToken(org.apache.cxf.common.security.SecurityToken) Endpoint(org.jboss.wsf.spi.deployment.Endpoint) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) UsernameToken(org.apache.cxf.common.security.UsernameToken) Subject(javax.security.auth.Subject)

Aggregations

SecurityContext (org.apache.cxf.security.SecurityContext)76 Principal (java.security.Principal)26 Message (org.apache.cxf.message.Message)16 Subject (javax.security.auth.Subject)13 WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)12 DefaultSecurityContext (org.apache.cxf.interceptor.security.DefaultSecurityContext)11 SimplePrincipal (org.apache.cxf.common.security.SimplePrincipal)10 Test (org.junit.Test)10 SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext)9 WSHandlerResult (org.apache.wss4j.dom.handler.WSHandlerResult)9 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)8 LoginSecurityContext (org.apache.cxf.security.LoginSecurityContext)7 ArrayList (java.util.ArrayList)6 QName (javax.xml.namespace.QName)6 SecurityToken (org.apache.cxf.common.security.SecurityToken)6 HashMap (java.util.HashMap)5 MessageImpl (org.apache.cxf.message.MessageImpl)5 UserSubject (org.apache.cxf.rs.security.oauth2.common.UserSubject)5 Element (org.w3c.dom.Element)5 Method (java.lang.reflect.Method)4