Example 16 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

the class XACMLAuthorizingInterceptorTest method testPermit.

@org.junit.Test
public void testPermit() throws Exception {
    // Mock up a Security Context
    SecurityContext sc = createSecurityContext("alice", "manager");
    String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
    MessageImpl msg = new MessageImpl();
    msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
    String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
    msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
    String resourceURI = "https://localhost:8080/doubleit";
    msg.put(Message.REQUEST_URI, resourceURI);
    msg.put(SecurityContext.class, sc);
    PolicyDecisionPoint pdp = new DummyPDP();
    XACMLAuthorizingInterceptor authorizingInterceptor = new XACMLAuthorizingInterceptor(pdp);
    authorizingInterceptor.handleMessage(msg);
}

Also used: SecurityContext (org.apache.cxf.security.SecurityContext), LoginSecurityContext (org.apache.cxf.security.LoginSecurityContext), MessageImpl (org.apache.cxf.message.MessageImpl)

Example 17 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

the class RESTSecurityTokenServiceImpl method getPrincipal.

@Override
protected Principal getPrincipal() {
    // Try JAX-RS SecurityContext first
    if (securityContext != null && securityContext.getUserPrincipal() != null) {
        return securityContext.getUserPrincipal();
    }
    // Then try the CXF SecurityContext
    SecurityContext sc = (SecurityContext) messageContext.get(SecurityContext.class);
    if (sc != null && sc.getUserPrincipal() != null) {
        return sc.getUserPrincipal();
    }
    // Get the TLS client principal if no security context is set up
    X509Certificate clientCert = getTLSClientCertificate();
    if (clientCert != null) {
        return clientCert.getSubjectX500Principal();
    }
    return null;
}

Also used: SecurityContext (org.apache.cxf.security.SecurityContext), X509Certificate (java.security.cert.X509Certificate)

Example 18 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

the class JMSDestinationTest method testSecurityContext.

@Test
public void testSecurityContext() throws Exception {
    SecurityContext ctx = testSecurityContext(true);
    assertNotNull("SecurityContext should be set in message received by JMSDestination", ctx);
    assertEquals("Principal in SecurityContext should be", "testUser", ctx.getUserPrincipal().getName());
}

Also used: SecurityContext (org.apache.cxf.security.SecurityContext), Test (org.junit.Test)

Example 19 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

the class JMSDestinationTest method testRoundTripDestinationDoNotCreateSecurityContext.

@Test
public void testRoundTripDestinationDoNotCreateSecurityContext() throws Exception {
    Message msg = testRoundTripDestination(false);
    SecurityContext securityContext = msg.get(SecurityContext.class);
    assertNull("SecurityContext should not be set in message received by JMSDestination", securityContext);
}

Also used: Message (org.apache.cxf.message.Message), SecurityContext (org.apache.cxf.security.SecurityContext), Test (org.junit.Test)

Example 20 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

the class AbstractJwtAuthenticationFilter method filter.

@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    String encodedJwtToken = getEncodedJwtToken(requestContext);
    JwtToken token = super.getJwtToken(encodedJwtToken);
    SecurityContext securityContext = configureSecurityContext(token);
    if (securityContext != null) {
        JAXRSUtils.getCurrentMessage().put(SecurityContext.class, securityContext);
    }
}

Also used: JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken), SecurityContext (org.apache.cxf.security.SecurityContext)

Aggregations

SecurityContext (org.apache.cxf.security.SecurityContext): 74
Principal (java.security.Principal): 26
Message (org.apache.cxf.message.Message): 16
Subject (javax.security.auth.Subject): 13
WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult): 12
DefaultSecurityContext (org.apache.cxf.interceptor.security.DefaultSecurityContext): 11
SimplePrincipal (org.apache.cxf.common.security.SimplePrincipal): 10
Test (org.junit.Test): 10
ArrayList (java.util.ArrayList): 9
SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext): 9
WSHandlerResult (org.apache.wss4j.dom.handler.WSHandlerResult): 9
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper): 8
LoginSecurityContext (org.apache.cxf.security.LoginSecurityContext): 7
QName (javax.xml.namespace.QName): 6
SecurityToken (org.apache.cxf.common.security.SecurityToken): 6
MessageImpl (org.apache.cxf.message.MessageImpl): 6
HashMap (java.util.HashMap): 5
UserSubject (org.apache.cxf.rs.security.oauth2.common.UserSubject): 5
Element (org.w3c.dom.Element): 5
HttpServletRequest (javax.servlet.http.HttpServletRequest): 4