use of org.apache.cxf.security.SecurityContext in project wildfly by wildfly.
the class SamlSecurityContextInInterceptor method handleMessage.
/**
 * Replaces the message's CXF {@link SecurityContext} with one built around a
 * {@code SimplePrincipal} that carries the current user principal's name, and pushes the
 * matching {@link Subject} onto the endpoint's security domain context.
 *
 * <p>The Subject created here contains only that single name principal; both credential sets
 * are empty, so nothing else from the original security context is carried over by this method.
 *
 * @param message the inbound SOAP message whose security context is read and then replaced
 * @throws Fault declared by the interceptor signature; this body does not raise it directly
 */
@Override
public void handleMessage(SoapMessage message) throws Fault {
    // NOTE(review): neither the SecurityContext nor its principal is null-checked, so a message
    // that reaches this point without an authenticated principal fails with a
    // NullPointerException instead of a descriptive Fault. Confirm that an earlier interceptor
    // always populates both.
    final String userName = message.get(SecurityContext.class).getUserPrincipal().getName();
    final SecurityDomainContext domainContext =
        message.getExchange().get(Endpoint.class).getSecurityDomainContext();

    final Principal namedPrincipal = new SimplePrincipal(userName);
    // readOnly=false, one principal, no public or private credentials.
    final Subject namedSubject = new Subject(
        false,
        Collections.singleton(namedPrincipal),
        Collections.emptySet(),
        Collections.emptySet());

    // The third argument (the credential) is deliberately passed as null.
    domainContext.pushSubjectContext(namedSubject, namedPrincipal, null);
    message.put(SecurityContext.class, new DefaultSecurityContext(namedPrincipal, namedSubject));
}
use of org.apache.cxf.security.SecurityContext in project tomee by apache.
the class JAASLoginInterceptor method handleMessage.
/**
 * Authenticates the caller through a JAAS {@link LoginContext} and stores the resulting
 * security context on the message.
 *
 * <p>When {@code allowNamedPrincipals} is set and the message already carries a security
 * context whose principal has a non-null name, the JAAS login is skipped entirely. When
 * {@code useDoAs} is set, the rest of the interceptor chain is run inside
 * {@code Subject.doAs} so that downstream code can obtain the subject through plain JAAS.
 *
 * @param message the message being processed
 * @throws AuthenticationException if no callback handler is available and anonymous access
 *         is not allowed, or if the JAAS login fails
 */
public void handleMessage(final Message message) {
    if (allowNamedPrincipals) {
        // NOTE(review): this branch accepts whatever named principal is already on the message
        // without re-authenticating it, so it relies on the component that set the
        // SecurityContext having authenticated the caller. Confirm before enabling the flag.
        SecurityContext existing = message.get(SecurityContext.class);
        boolean alreadyNamed = existing != null
            && existing.getUserPrincipal() != null
            && existing.getUserPrincipal().getName() != null;
        if (alreadyNamed) {
            return;
        }
    }

    CallbackHandler callbackHandler = getFirstCallbackHandler(message);
    if (callbackHandler == null && !allowAnonymous) {
        throw new AuthenticationException("Authentication required but no authentication information was supplied");
    }

    try {
        // With allowAnonymous set, a null handler is handed to the LoginContext unchanged.
        LoginContext loginContext = new LoginContext(getContextName(), null, callbackHandler, loginConfig);
        loginContext.login();
        Subject authenticated = loginContext.getSubject();
        String userName = getUsername(callbackHandler);
        message.put(SecurityContext.class, createSecurityContext(userName, authenticated));

        if (useDoAs) {
            // Run the remaining interceptors under the authenticated subject so that other
            // code can retrieve it using pure JAAS.
            Subject.doAs(authenticated, new PrivilegedAction<Void>() {
                @Override
                public Void run() {
                    InterceptorChain remaining = message.getInterceptorChain();
                    if (remaining == null) {
                        return null;
                    }
                    message.put("suspend.chain.on.current.interceptor", Boolean.TRUE);
                    remaining.doIntercept(message);
                    return null;
                }
            });
        }
    } catch (LoginException ex) {
        String errorMessage = "Authentication failed: " + ex.getMessage();
        // Failed logins are recorded at FINE, which is below the default java.util.logging
        // level; raise this logger's level if failed authentications should reach monitoring.
        LOG.log(Level.FINE, errorMessage, ex);
        if (!reportFault) {
            // Generic text only: the login module's detail stays in the server log.
            throw new AuthenticationException("Authentication failed (details can be found in server log)");
        }
        // reportFault places the LoginException text in the thrown exception, which presumably
        // reaches the caller; whether that text may be disclosed is a deployment decision.
        AuthenticationException detailed = new AuthenticationException(errorMessage);
        detailed.initCause(ex);
        throw detailed;
    }
}
use of org.apache.cxf.security.SecurityContext in project OpenAM by OpenRock.
the class OpenAMSessionTokenServerInterceptor method processToken.
/**
* This method is called in-bound on the server-side - validate-request in JASPI terms. The method must validate the
* OpenAM session id with OpenAM, and, if validation is successful, populate the wss4j results with state corresponding
* to the token validation. It will also assert the relevant tokens, which means affirm that the assertions corresponding
* to the OpenAMSessionToken have been successfully fulfilled.
* @param message The message encapsulating the soap invocation.
* @throws Fault if the OpenAM session in the BinarySecurityToken is invalid.
*/
@Override
protected void processToken(SoapMessage message) throws Fault {
    Header securityHeader = findSecurityHeader(message, false);
    if (securityHeader == null) {
        // NOTE(review): with no security header this method validates nothing and sets no
        // principal; presumably the policy assertions reject such a request elsewhere. Confirm.
        return;
    }

    Element headerElement = (Element) securityHeader.getObject();
    for (Element candidate = DOMUtils.getFirstElement(headerElement);
            candidate != null;
            candidate = DOMUtils.getNextElement(candidate)) {
        // Only a wsse BinarySecurityToken whose ValueType marks it as an OpenAM session token
        // is handled; every other child of the security header is skipped.
        boolean isSessionToken = WSConstants.BINARY_TOKEN_LN.equals(candidate.getLocalName())
            && WSConstants.WSSE_NS.equals(candidate.getNamespaceURI())
            && AMSTSConstants.AM_SESSION_TOKEN_ASSERTION_BST_VALUE_TYPE.equals(candidate.getAttribute("ValueType"));
        if (!isSessionToken) {
            continue;
        }

        try {
            List<WSSecurityEngineResult> tokenResults = validateToken(candidate);
            if (tokenResults == null) {
                continue;
            }

            // Create the wss4j result list on the message if no earlier handler has done so.
            List<WSHandlerResult> received = CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
            if (received == null) {
                received = new ArrayList<WSHandlerResult>();
                message.put(WSHandlerConstants.RECV_RESULTS, received);
            }
            // This token's results are inserted at the front of the list.
            received.add(0, new WSHandlerResult(null, tokenResults));
            assertTokens(message);

            // NOTE(review): get(0) assumes validateToken never returns an empty list, and the
            // TAG_PRINCIPAL entry is not null-checked before it is published below. Verify
            // against validateToken.
            Principal tokenPrincipal = (Principal) tokenResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
            message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, tokenPrincipal);

            // A security context that already has a principal is left in place; the token's
            // principal then appears only under PRINCIPAL_RESULT.
            SecurityContext current = message.get(SecurityContext.class);
            boolean hasPrincipal = current != null && current.getUserPrincipal() != null;
            if (!hasPrincipal) {
                message.put(SecurityContext.class, new DefaultSecurityContext(tokenPrincipal, null));
            }
        } catch (WSSecurityException ex) {
            throw new Fault(ex);
        }
    }
}
use of org.apache.cxf.security.SecurityContext in project camel by apache.
the class DefaultCxfRsBinding method populateExchangeFromCxfRsRequest.
/**
 * Fills the Camel IN message from an inbound CXF-RS request: HTTP and protocol headers,
 * response-type hints, operation name, the CXF message itself, the invocation parameters as
 * the body, and the authenticated subject taken from the CXF security context.
 *
 * @param cxfExchange the CXF exchange whose in-message is the source
 * @param camelExchange the Camel exchange to populate
 * @param method the resource method being invoked
 * @param paramArray the invocation parameters, wrapped into the Camel body
 */
public void populateExchangeFromCxfRsRequest(org.apache.cxf.message.Exchange cxfExchange, Exchange camelExchange, Method method, Object[] paramArray) {
    Message inMessage = camelExchange.getIn();

    // Copy the CXF message headers into the Camel IN message.
    org.apache.cxf.message.Message cxfRequest = cxfExchange.getInMessage();
    CxfHeaderHelper.copyHttpHeadersFromCxfToCamel(headerFilterStrategy, cxfRequest, inMessage, camelExchange);

    // TODO move to CxfHeaderHelper and use header filter strategy and CXF_TO_CAMEL_HEADERS
    // Derive the charset from the content-type header.
    setCharsetWithContentType(camelExchange);

    // Copy the protocol headers.
    copyProtocolHeader(cxfRequest, inMessage, inMessage.getExchange());

    inMessage.setHeader(CxfConstants.CAMEL_CXF_RS_RESPONSE_CLASS, method.getReturnType());
    inMessage.setHeader(CxfConstants.CAMEL_CXF_RS_RESPONSE_GENERIC_TYPE, method.getGenericReturnType());

    copyOperationResourceInfoStack(cxfRequest, inMessage);

    inMessage.setHeader(CxfConstants.OPERATION_NAME, method.getName());
    inMessage.setHeader(CxfConstants.CAMEL_CXF_MESSAGE, cxfRequest);

    inMessage.setBody(new MessageContentsList(paramArray));

    // Propagate the security subject from the CXF security context. A login context's own
    // Subject is preferred; otherwise a fresh Subject holding only the user principal is built.
    // NOTE(review): when the request has no security context (or no principal), nothing here
    // clears Exchange.AUTHENTICATION, so any value the header copy above left under that name
    // would remain. Confirm the header filter strategy strips it from external input.
    SecurityContext cxfSecurity = cxfRequest.get(SecurityContext.class);
    boolean hasLoginSubject = cxfSecurity instanceof LoginSecurityContext
        && ((LoginSecurityContext) cxfSecurity).getSubject() != null;
    if (hasLoginSubject) {
        camelExchange.getIn().getHeaders().put(Exchange.AUTHENTICATION, ((LoginSecurityContext) cxfSecurity).getSubject());
    } else if (cxfSecurity != null && cxfSecurity.getUserPrincipal() != null) {
        Subject principalOnly = new Subject();
        principalOnly.getPrincipals().add(cxfSecurity.getUserPrincipal());
        camelExchange.getIn().getHeaders().put(Exchange.AUTHENTICATION, principalOnly);
    }
}
use of org.apache.cxf.security.SecurityContext in project camel by apache.
the class DefaultCxfBinding method populateExchangeFromCxfRequest.
/**
* This method is called by {@link CxfConsumer}.
*/
public void populateExchangeFromCxfRequest(org.apache.cxf.message.Exchange cxfExchange, Exchange camelExchange) {
    Method targetMethod = null;
    QName opName = null;
    ExchangePattern pattern = ExchangePattern.InOut;

    // Resolve the binding operation, the Java method behind it, and whether it is one-way.
    BindingOperationInfo boi = camelExchange.getProperty(BindingOperationInfo.class.getName(), BindingOperationInfo.class);
    if (boi != null) {
        Service service = cxfExchange.get(Service.class);
        MethodDispatcher dispatcher = service == null
            ? null
            : (MethodDispatcher) service.get(MethodDispatcher.class.getName());
        if (dispatcher != null) {
            targetMethod = dispatcher.getMethod(boi);
        }
        if (boi.getOperationInfo().isOneWay()) {
            pattern = ExchangePattern.InOnly;
        }
        opName = boi.getName();
    }

    // Publish the operation name (and namespace, when known) as IN headers. opName is only
    // non-null when boi is non-null, so dereferencing boi in the first branch is safe.
    if (opName != null) {
        camelExchange.getIn().setHeader(CxfConstants.OPERATION_NAMESPACE, boi.getName().getNamespaceURI());
        camelExchange.getIn().setHeader(CxfConstants.OPERATION_NAME, boi.getName().getLocalPart());
        if (LOG.isTraceEnabled()) {
            LOG.trace("Set IN header: {}={}", CxfConstants.OPERATION_NAMESPACE, boi.getName().getNamespaceURI());
            LOG.trace("Set IN header: {}={}", CxfConstants.OPERATION_NAME, boi.getName().getLocalPart());
        }
    } else if (targetMethod != null) {
        camelExchange.getIn().setHeader(CxfConstants.OPERATION_NAME, targetMethod.getName());
        if (LOG.isTraceEnabled()) {
            LOG.trace("Set IN header: {}={}", CxfConstants.OPERATION_NAME, targetMethod.getName());
        }
    }

    // Message exchange pattern.
    camelExchange.setPattern(pattern);
    LOG.trace("Set exchange MEP: {}", pattern);

    // Headers.
    Message cxfMessage = cxfExchange.getInMessage();
    propagateHeadersFromCxfToCamel(cxfMessage, camelExchange.getIn(), camelExchange);

    // Propagate the security subject from the CXF security context. A login context's own
    // Subject is preferred; otherwise a fresh Subject holding only the user principal is built.
    // NOTE(review): when there is no security context or no principal, Exchange.AUTHENTICATION
    // is not cleared here, so a value left by the header propagation above would remain.
    // Confirm the header filter strategy removes it from external input.
    SecurityContext cxfSecurity = cxfMessage.get(SecurityContext.class);
    boolean hasLoginSubject = cxfSecurity instanceof LoginSecurityContext
        && ((LoginSecurityContext) cxfSecurity).getSubject() != null;
    if (hasLoginSubject) {
        camelExchange.getIn().getHeaders().put(Exchange.AUTHENTICATION, ((LoginSecurityContext) cxfSecurity).getSubject());
    } else if (cxfSecurity != null) {
        Principal caller = cxfSecurity.getUserPrincipal();
        if (caller != null) {
            Subject principalOnly = new Subject();
            principalOnly.getPrincipals().add(caller);
            camelExchange.getIn().getHeaders().put(Exchange.AUTHENTICATION, principalOnly);
        }
    }

    // The CXF exchange properties are intentionally NOT copied onto the Camel exchange:
    // doing so has the side effect of copying reply-side state when the producer is retried.

    // Request context, subject to the external-header filter.
    Object requestContext = cxfMessage.get(Client.REQUEST_CONTEXT);
    if (requestContext != null && !headerFilterStrategy.applyFilterToExternalHeaders(Client.REQUEST_CONTEXT, requestContext, camelExchange)) {
        camelExchange.getIn().setHeader(Client.REQUEST_CONTEXT, requestContext);
        LOG.trace("Populate context from CXF message {} value={}", Client.REQUEST_CONTEXT, requestContext);
    }

    // Derive the charset from the content-type header.
    setCharsetWithContentType(camelExchange);

    // Body.
    String charsetName = (String) camelExchange.getProperty(Exchange.CHARSET_NAME);
    Object content = DefaultCxfBinding.getContentFromCxf(cxfMessage, camelExchange.getProperty(CxfConstants.DATA_FORMAT_PROPERTY, DataFormat.class), charsetName);
    if (content != null) {
        camelExchange.getIn().setBody(content);
    }

    // Attachments are propagated only when the data format is not POJO.
    // NOTE(review): the data-format property is dereferenced without a null check, so this
    // throws NullPointerException if attachments are present and the property is unset.
    // Confirm the consumer always sets it.
    if (cxfMessage.getAttachments() != null && !camelExchange.getProperty(CxfConstants.DATA_FORMAT_PROPERTY, DataFormat.class).equals(DataFormat.POJO)) {
        for (Attachment part : cxfMessage.getAttachments()) {
            camelExchange.getIn().addAttachmentObject(part.getId(), createCamelAttachment(part));
        }
    }
}