
Example 6 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

Class ClaimsAuthorizingInterceptor, method handleMessage.

/**
 * Authorizes the intercepted call against the claims attached to the
 * invoked target method. Only a {@link SAMLSecurityContext} can supply
 * claims, so any other or missing context is rejected before the target
 * method is even looked up; a negative decision is reported the same way.
 *
 * @param message the inbound message being intercepted
 * @throws AccessDeniedException if no SAML security context is present, or
 *         if the claims do not authorize the invocation
 */
public void handleMessage(Message message) throws Fault {
    SecurityContext context = message.get(SecurityContext.class);
    // Fail closed: without a SAML-based context there are no claims to evaluate.
    if (!(context instanceof SAMLSecurityContext)) {
        throw new AccessDeniedException("Security Context is unavailable or unrecognized");
    }
    SAMLSecurityContext samlContext = (SAMLSecurityContext) context;
    Method target = getTargetMethod(message);
    boolean permitted = authorize(samlContext, target);
    if (!permitted) {
        throw new AccessDeniedException("Unauthorized");
    }
}

Example 7 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

Class AbstractXACMLAuthorizingInterceptor, method handleMessage.

/**
 * Performs XACML-based authorization of the inbound message.
 * The user principal and role names are taken from the
 * {@link LoginSecurityContext}; any role entry that merely repeats the
 * principal's own name is left out. A context of any other type, a
 * negative decision, or a failure inside the decision itself all end in
 * access being denied.
 *
 * @param message the inbound message being intercepted
 * @throws AccessDeniedException if the request is not authorized
 */
public void handleMessage(Message message) throws Fault {
    SecurityContext sc = message.get(SecurityContext.class);
    if (!(sc instanceof LoginSecurityContext)) {
        LOG.log(Level.FINE, "The SecurityContext was not an instance of LoginSecurityContext. No authorization " + "is possible as a result");
        throw new AccessDeniedException("Unauthorized");
    }
    Principal principal = sc.getUserPrincipal();
    String principalName = principal == null ? null : principal.getName();
    // Collect role names, skipping null entries and the principal's own name.
    List<String> roles = new ArrayList<>();
    Set<Principal> principalRoles = ((LoginSecurityContext) sc).getUserRoles();
    if (principalRoles != null) {
        for (Principal rolePrincipal : principalRoles) {
            if (rolePrincipal == null) {
                continue;
            }
            String roleName = rolePrincipal.getName();
            if (roleName != null && !roleName.equals(principalName)) {
                roles.add(roleName);
            }
        }
    }
    boolean permitted;
    try {
        permitted = authorize(principal, roles, message);
    } catch (Exception e) {
        // Errors during the decision are logged at FINE and surfaced as a plain denial.
        LOG.log(Level.FINE, "Unauthorized: " + e.getMessage(), e);
        throw new AccessDeniedException("Unauthorized");
    }
    if (!permitted) {
        throw new AccessDeniedException("Unauthorized");
    }
}

Example 8 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

Class AbstractAuthFilter, method createSecurityContext.

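/**
 * Builds the {@link SecurityContext} exposed to the application for an
 * authenticated OAuth request. Depending on {@code useUserSubject}, the
 * principal and roles come either from the resource-owner subject bound
 * to the token or from the client application that presented it.
 *
 * @param request the current servlet request; also receives the legacy
 *                {@code oauth_authorities} attribute
 * @param info    the validated OAuth request information backing the context
 * @return a security context backed by {@code info}
 */
protected SecurityContext createSecurityContext(HttpServletRequest request, final OAuthInfo info) {
    // TODO:
    // This custom parameter is only needed by the "oauth"
    // demo shipped in the distribution; needs to be removed.
    request.setAttribute("oauth_authorities", info.getRoles());
    final UserSubject theSubject = info.getToken().getSubject();
    return new SecurityContext() {

        public Principal getUserPrincipal() {
            // NOTE(review): with useUserSubject set and no subject on the token this
            // yields a principal whose name is null rather than a null principal —
            // kept as-is for compatibility with existing callers.
            String login = AbstractAuthFilter.this.useUserSubject
                ? (theSubject != null ? theSubject.getLogin() : null)
                : info.getToken().getClient().getLoginName();
            return new SimplePrincipal(login);
        }

        public boolean isUserInRole(String role) {
            List<String> roles;
            if (AbstractAuthFilter.this.useUserSubject && theSubject != null) {
                roles = theSubject.getRoles();
            } else {
                roles = info.getRoles();
            }
            // A missing role list means "no roles": fail closed instead of throwing an NPE.
            return roles != null && roles.contains(role);
        }
    };
}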

Example 9 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

Class OAuthRequestFilter, method setSecurityContext.

/**
 * Attaches the security and OAuth contexts derived from a validated
 * OAuth request to the current message.
 *
 * @param mc   the JAX-RS message context, used to reach the servlet request
 * @param m    the CXF message that receives both contexts
 * @param info the validated OAuth request information
 */
private void setSecurityContext(MessageContext mc, Message m, OAuthInfo info) {
    HttpServletRequest request = mc.getHttpServletRequest();
    SecurityContext securityContext = createSecurityContext(request, info);
    m.setContent(SecurityContext.class, securityContext);
    OAuthContext oauthContext = createOAuthContext(info);
    m.setContent(OAuthContext.class, oauthContext);
}

Example 10 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

Class OAuthRequestFilter, method createSecurityContext.

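/**
 * Builds the {@link SecurityContext} exposed to the application for a
 * validated access token. The identity it reports is a filter-level
 * choice ({@code useUserSubject}): the resource owner who authorized the
 * token, or the client application presenting it.
 *
 * @param request      the current servlet request (not consulted here)
 * @param accessTokenV the validation result carrying both subjects
 * @return a security context backed by the selected subject; its principal
 *         is {@code null} and every role check fails when no such subject exists
 */
protected SecurityContext createSecurityContext(HttpServletRequest request, AccessTokenValidation accessTokenV) {
    UserSubject resourceOwnerSubject = accessTokenV.getTokenSubject();
    UserSubject clientSubject = accessTokenV.getClientSubject();
    final UserSubject theSubject = OAuthRequestFilter.this.useUserSubject ? resourceOwnerSubject : clientSubject;
    return new SecurityContext() {

        public Principal getUserPrincipal() {
            return theSubject != null ? new SimplePrincipal(theSubject.getLogin()) : null;
        }

        public boolean isUserInRole(String role) {
            if (theSubject == null) {
                return false;
            }
            // Treat a missing role list as "no roles" so the check fails closed rather than with an NPE.
            return theSubject.getRoles() != null && theSubject.getRoles().contains(role);
        }
    };
}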
