Search in sources :

Example 76 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project jbossws-cxf by jbossws.

the class SubjectCreatingPolicyInterceptor method handleMessage.

@Override
public void handleMessage(Message message) throws Fault {
    Endpoint ep = message.getExchange().get(Endpoint.class);
    SecurityDomainContext sdc = ep.getSecurityDomainContext();
    SecurityContext context = message.get(SecurityContext.class);
    if (context == null || context.getUserPrincipal() == null) {
        Loggers.SECURITY_LOGGER.userPrincipalNotAvailableOnCurrentMessage();
        return;
    }
    SecurityToken token = message.get(SecurityToken.class);
    Subject subject = null;
    if (token != null) {
        // Try authenticating using SecurityToken info
        if (token.getTokenType() != TokenType.UsernameToken) {
            throw Messages.MESSAGES.unsupportedTokenType(token.getTokenType());
        }
        UsernameToken ut = (UsernameToken) token;
        subject = createSubject(sdc, ut.getName(), ut.getPassword(), ut.isHashed(), ut.getNonce(), ut.getCreatedTime());
    } else {
        // Try authenticating using WSS4J internal info (previously set into SecurityContext by WSS4JInInterceptor)
        Principal p = context.getUserPrincipal();
        if (!(p instanceof UsernameTokenPrincipal)) {
            throw Messages.MESSAGES.couldNotGetSubjectInfo();
        }
        UsernameTokenPrincipal up = (UsernameTokenPrincipal) p;
        subject = createSubject(sdc, up.getName(), up.getPassword(), up.isPasswordDigest(), up.getNonce(), up.getCreatedTime());
    }
    Principal principal = getPrincipal(context.getUserPrincipal(), subject);
    message.put(SecurityContext.class, createSecurityContext(principal, subject));
}
Also used : SecurityToken(org.apache.cxf.common.security.SecurityToken) Endpoint(org.jboss.wsf.spi.deployment.Endpoint) UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal) SecurityContext(org.apache.cxf.security.SecurityContext) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) UsernameToken(org.apache.cxf.common.security.UsernameToken) SecurityDomainContext(org.jboss.wsf.spi.security.SecurityDomainContext) Subject(javax.security.auth.Subject) Principal(java.security.Principal) UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)

Aggregations

SecurityContext (org.apache.cxf.security.SecurityContext)76 Principal (java.security.Principal)26 Message (org.apache.cxf.message.Message)16 Subject (javax.security.auth.Subject)13 WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)12 DefaultSecurityContext (org.apache.cxf.interceptor.security.DefaultSecurityContext)11 SimplePrincipal (org.apache.cxf.common.security.SimplePrincipal)10 Test (org.junit.Test)10 SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext)9 WSHandlerResult (org.apache.wss4j.dom.handler.WSHandlerResult)9 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)8 LoginSecurityContext (org.apache.cxf.security.LoginSecurityContext)7 ArrayList (java.util.ArrayList)6 QName (javax.xml.namespace.QName)6 SecurityToken (org.apache.cxf.common.security.SecurityToken)6 HashMap (java.util.HashMap)5 MessageImpl (org.apache.cxf.message.MessageImpl)5 UserSubject (org.apache.cxf.rs.security.oauth2.common.UserSubject)5 Element (org.w3c.dom.Element)5 Method (java.lang.reflect.Method)4