
Example 26 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project tesb-rt-se by Talend.

The class SecurityContextFilter, method filter.

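/**
 * Authenticates the current JAX-RS request.
 *
 * <p>If the CXF message already carries a {@link SecurityContext} with a principal
 * (presumably set by an earlier interceptor), that principal's name is mapped to a local
 * account, by name or by alias, and a new security context is installed. Otherwise the
 * request must carry exactly one HTTP Basic {@code Authorization} header whose
 * credentials match a local account. Any failure aborts the request with
 * {@code createFaultResponse()}.
 *
 * @param requestContext the request being filtered; aborted on authentication failure
 * @throws IOException declared by the filter contract, not thrown by this body
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    Message message = JAXRSUtils.getCurrentMessage();
    SecurityContext sc = message.get(SecurityContext.class);
    if (sc != null) {
        Principal principal = sc.getUserPrincipal();
        if (principal != null) {
            String accountName = principal.getName();
            UserAccount account = accounts.getAccount(accountName);
            if (account == null) {
                // Second chance: the principal name may be an alias of an account.
                account = accounts.getAccountWithAlias(accountName);
            }
            if (account == null) {
                requestContext.abortWith(createFaultResponse());
            } else {
                setNewSecurityContext(message, account.getName());
            }
            return;
        }
    }
    // No usable principal on the message: fall back to HTTP Basic credentials.
    // The header list is null when the header is absent; exactly one value is required.
    List<String> authValues = headers.getRequestHeader("Authorization");
    if (authValues == null || authValues.size() != 1) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    String[] values = authValues.get(0).split(" ");
    // Scheme is matched case-sensitively here; RFC 7617 treats it as case-insensitive.
    if (values.length != 2 || !"Basic".equals(values[0])) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    String decodedValue;
    try {
        // Explicit charset: new String(byte[]) alone would use the platform default encoding.
        decodedValue = new String(Base64Utility.decode(values[1]),
                java.nio.charset.StandardCharsets.UTF_8);
    } catch (Base64Exception ex) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    // Limit of 2: the user-id cannot contain ':' (RFC 7617) but the password may,
    // so split only at the first colon instead of rejecting such credentials.
    String[] namePassword = decodedValue.split(":", 2);
    if (namePassword.length != 2) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    final UserAccount account = accounts.getAccount(namePassword[0]);
    if (account == null || !passwordMatches(account.getPassword(), namePassword[1])) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    setNewSecurityContext(message, account.getName());
}

/**
 * Compares the stored and the supplied password without short-circuiting on the first
 * differing byte, so the comparison time does not reveal how much of a guess was right.
 *
 * @param expected the account's stored password; {@code null} never matches
 * @param supplied the password taken from the request; {@code null} never matches
 * @return {@code true} only if both are non-null and byte-for-byte equal (UTF-8)
 */
private static boolean passwordMatches(String expected, String supplied) {
    if (expected == null || supplied == null) {
        return false;
    }
    return java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            supplied.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}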

Example 27 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project tesb-rt-se by Talend.

The class SecurityContextFilter, method filter.

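/**
 * Authenticates the current JAX-RS request with HTTP Basic credentials.
 *
 * <p>Requests whose absolute URI ends with {@code userRegistrationPath} pass through
 * unauthenticated. Every other request must carry exactly one {@code Authorization}
 * header of the form {@code Basic base64(user:password)} matching a local account;
 * on success a {@link SecurityContext} for that account (with no roles) is placed on the
 * CXF message, on any failure the request is aborted with {@code createFaultResponse()}.
 *
 * @param requestContext the request being filtered; aborted on authentication failure
 * @throws IOException declared by the filter contract, not thrown by this body
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    Message message = JAXRSUtils.getCurrentMessage();
    // NOTE(review): endsWith() admits any URI whose tail equals userRegistrationPath;
    // confirm no other resource path can end with that suffix.
    if (ui.getAbsolutePath().toString().endsWith(userRegistrationPath)) {
        return;
    }
    // The header list is null when the header is absent; treat that like a malformed
    // header instead of letting size() throw a NullPointerException.
    List<String> authValues = headers.getRequestHeader("Authorization");
    if (authValues == null || authValues.size() != 1) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    String[] values = authValues.get(0).split(" ");
    // Scheme is matched case-sensitively here; RFC 7617 treats it as case-insensitive.
    if (values.length != 2 || !"Basic".equals(values[0])) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    String decodedValue;
    try {
        // Explicit charset: new String(byte[]) alone would use the platform default encoding.
        decodedValue = new String(Base64Utility.decode(values[1]),
                java.nio.charset.StandardCharsets.UTF_8);
    } catch (Base64Exception ex) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    // Limit of 2: the user-id cannot contain ':' (RFC 7617) but the password may,
    // so split only at the first colon instead of rejecting such credentials.
    String[] namePassword = decodedValue.split(":", 2);
    if (namePassword.length != 2) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    final UserAccount account = accounts.getAccount(namePassword[0]);
    if (account == null || !passwordMatches(account.getPassword(), namePassword[1])) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    final SecurityContext sc = new SecurityContext() {

        @Override
        public Principal getUserPrincipal() {
            return new SimplePrincipal(account.getName());
        }

        @Override
        public boolean isUserInRole(String arg0) {
            // No role information is derived from the account, so every role check fails.
            return false;
        }
    };
    message.put(SecurityContext.class, sc);
}

/**
 * Compares the stored and the supplied password without short-circuiting on the first
 * differing byte, so the comparison time does not reveal how much of a guess was right.
 *
 * @param expected the account's stored password; {@code null} never matches
 * @param supplied the password taken from the request; {@code null} never matches
 * @return {@code true} only if both are non-null and byte-for-byte equal (UTF-8)
 */
private static boolean passwordMatches(String expected, String supplied) {
    if (expected == null || supplied == null) {
        return false;
    }
    return java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            supplied.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}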

Example 28 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project tesb-rt-se by Talend.

The class SecurityContextFilter, method filter.

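/**
 * Authenticates the current JAX-RS request with HTTP Basic credentials held in the
 * {@code users} map (user name to password).
 *
 * <p>The request must carry exactly one {@code Authorization} header of the form
 * {@code Basic base64(user:password)}; on success a {@link SecurityContext} for that
 * user (with no roles) is placed on the current CXF message, on any failure the request
 * is aborted with {@code createFaultResponse()}.
 *
 * @param requestContext the request being filtered; aborted on authentication failure
 * @throws IOException declared by the filter contract, not thrown by this body
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    // The header list is null when the header is absent; treat that like a malformed
    // header instead of letting size() throw a NullPointerException.
    List<String> authValues = headers.getRequestHeader("Authorization");
    if (authValues == null || authValues.size() != 1) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    String[] values = authValues.get(0).split(" ");
    // Scheme is matched case-sensitively here; RFC 7617 treats it as case-insensitive.
    if (values.length != 2 || !"Basic".equals(values[0])) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    String decodedValue;
    try {
        // Explicit charset: new String(byte[]) alone would use the platform default encoding.
        decodedValue = new String(Base64Utility.decode(values[1]),
                java.nio.charset.StandardCharsets.UTF_8);
    } catch (Base64Exception ex) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    // Limit of 2: the user-id cannot contain ':' (RFC 7617) but the password may,
    // so split only at the first colon instead of rejecting such credentials.
    final String[] namePassword = decodedValue.split(":", 2);
    if (namePassword.length != 2) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    String password = users.get(namePassword[0]);
    if (password == null || !passwordMatches(password, namePassword[1])) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    final SecurityContext sc = new SecurityContext() {

        @Override
        public Principal getUserPrincipal() {
            return new SimplePrincipal(namePassword[0]);
        }

        @Override
        public boolean isUserInRole(String arg0) {
            // The users map carries no role information, so every role check fails.
            return false;
        }
    };
    JAXRSUtils.getCurrentMessage().put(SecurityContext.class, sc);
}

/**
 * Compares the stored and the supplied password without short-circuiting on the first
 * differing byte, so the comparison time does not reveal how much of a guess was right.
 *
 * @param expected the stored password; {@code null} never matches
 * @param supplied the password taken from the request; {@code null} never matches
 * @return {@code true} only if both are non-null and byte-for-byte equal (UTF-8)
 */
private static boolean passwordMatches(String expected, String supplied) {
    if (expected == null || supplied == null) {
        return false;
    }
    return java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            supplied.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}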

Example 29 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project jbossws-cxf by jbossws.

The class AuthenticationMgrSubjectCreatingInterceptor, method handleMessage.

/**
 * Authenticates the message's caller against the JBoss authentication manager and
 * replaces the message's {@link SecurityContext} with one that carries the resulting
 * {@link Subject}.
 *
 * <p>Does nothing when no {@code JBossAuthenticationManager} is attached to the message,
 * or when the message has no security context with a user principal (logged). The
 * credentials come from a {@code SecurityToken} on the message when present, which must be
 * a username token; otherwise from the user principal, which must then be a WSS4J
 * {@link UsernameTokenPrincipal}.
 *
 * @param message the inbound CXF message
 * @throws Fault for an unsupported token type or a principal the subject cannot be built from
 */
@Override
public void handleMessage(Message message) throws Fault {
    JBossAuthenticationManager authManager = message.get(JBossAuthenticationManager.class);
    if (authManager == null) {
        return;
    }
    SecurityContext securityContext = message.get(SecurityContext.class);
    if (securityContext == null || securityContext.getUserPrincipal() == null) {
        Loggers.SECURITY_LOGGER.userPrincipalNotAvailableOnCurrentMessage();
        return;
    }
    SecurityToken token = message.get(SecurityToken.class);
    Subject subject;
    if (token == null) {
        // No explicit token: rely on what WSS4JInInterceptor stored in the security context.
        Principal caller = securityContext.getUserPrincipal();
        if (!(caller instanceof UsernameTokenPrincipal)) {
            throw Messages.MESSAGES.couldNotGetSubjectInfo();
        }
        UsernameTokenPrincipal utp = (UsernameTokenPrincipal) caller;
        subject = helper.createSubject(authManager, utp.getName(), utp.getPassword(),
                utp.isPasswordDigest(), utp.getNonce(), utp.getCreatedTime());
    } else {
        // Explicit token: only username tokens are supported.
        if (token.getTokenType() != TokenType.UsernameToken) {
            throw Messages.MESSAGES.unsupportedTokenType(token.getTokenType());
        }
        UsernameToken usernameToken = (UsernameToken) token;
        subject = helper.createSubject(authManager, usernameToken.getName(), usernameToken.getPassword(),
                usernameToken.isHashed(), usernameToken.getNonce(), usernameToken.getCreatedTime());
    }
    Principal principal = getPrincipal(securityContext.getUserPrincipal(), subject);
    message.put(SecurityContext.class, createSecurityContext(principal, subject));
}

Example 30 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project testcases by coheigea.

The class XACML3AuthorizingInterceptor, method handleMessage.

/**
 * Authorizes the message's caller via {@code authorize(principal, roles, message)}.
 *
 * <p>Only a {@link LoginSecurityContext} can be authorized: its user principal and the
 * names of its other role principals are handed to {@code authorize}. Any other or
 * missing security context, a negative decision, or an exception from the authorization
 * call all end in an {@link AccessDeniedException}.
 *
 * @param message the inbound CXF message
 * @throws AccessDeniedException when the caller is not authorized
 */
public void handleMessage(Message message) throws Fault {
    SecurityContext securityContext = message.get(SecurityContext.class);
    if (!(securityContext instanceof LoginSecurityContext)) {
        LOG.log(Level.FINE, "The SecurityContext was not an instance of LoginSecurityContext. No authorization "
                + "is possible as a result");
        throw new AccessDeniedException("Unauthorized");
    }
    LoginSecurityContext loginContext = (LoginSecurityContext) securityContext;
    Principal user = securityContext.getUserPrincipal();
    List<String> roleNames = new ArrayList<String>();
    Set<Principal> rolePrincipals = loginContext.getUserRoles();
    if (rolePrincipals != null) {
        for (Principal role : rolePrincipals) {
            // Identity comparison: presumably the role set may include the user principal
            // itself, which must not be reported as a role — confirm against getUserRoles().
            if (role != user) {
                roleNames.add(role.getName());
            }
        }
    }
    boolean permitted;
    try {
        permitted = authorize(user, roleNames, message);
    } catch (Exception e) {
        // Details stay at FINE level; the caller only sees a generic denial.
        LOG.log(Level.FINE, "Unauthorized: " + e.getMessage(), e);
        throw new AccessDeniedException("Unauthorized");
    }
    if (!permitted) {
        throw new AccessDeniedException("Unauthorized");
    }
}
