Example 36 with SecurityContext

Use of org.apache.cxf.security.SecurityContext in project camel by apache.

From class DefaultCxfMessageMapperTest, method testSecurityContext.

@Test
public void testSecurityContext() {
    DefaultCxfMessageMapper mapper = new DefaultCxfMessageMapper();
    // Mock a servlet request that the container has already authenticated:
    // principal "barry", member of role1 but not role2.
    HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
    request.getUserPrincipal();
    EasyMock.expectLastCall().andReturn(new SimplePrincipal("barry"));
    request.isUserInRole("role1");
    EasyMock.expectLastCall().andReturn(true);
    request.isUserInRole("role2");
    EasyMock.expectLastCall().andReturn(false);
    EasyMock.replay(request);
    Exchange camelExchange = setupCamelExchange("/", "/", request);
    Message cxfMessage = mapper.createCxfMessageFromCamelExchange(camelExchange, EasyMock.createMock(HeaderFilterStrategy.class));
    // The mapper must carry the servlet security state into the CXF message
    // as a SecurityContext so downstream CXF authorization sees the same identity and roles.
    SecurityContext sc = cxfMessage.get(SecurityContext.class);
    assertNotNull(sc);
    assertEquals("barry", sc.getUserPrincipal().getName());
    assertTrue(sc.isUserInRole("role1"));
    assertFalse(sc.isUserInRole("role2"));
}
Also used: HttpServletRequest(javax.servlet.http.HttpServletRequest) Exchange(org.apache.camel.Exchange) Message(org.apache.cxf.message.Message) SecurityContext(org.apache.cxf.security.SecurityContext) HeaderFilterStrategy(org.apache.camel.spi.HeaderFilterStrategy) SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal) Test(org.junit.Test)

Example 37 with SecurityContext

Use of org.apache.cxf.security.SecurityContext in project cxf by apache.

From class UsernameTokenInterceptor, method processToken.

protected void processToken(SoapMessage message) {
    Header h = findSecurityHeader(message, false);
    if (h == null) {
        return;
    }
    // VALIDATE_TOKEN (default true) decides whether the token is validated via the
    // WSS4J callback/engine path or merely parsed into a principal.
    boolean utWithCallbacks = MessageUtils.getContextualBoolean(message, SecurityConstants.VALIDATE_TOKEN, true);
    Element el = (Element) h.getObject();
    Element child = DOMUtils.getFirstElement(el);
    while (child != null) {
        // Only wsse:UsernameToken elements in the WS-Security namespace are handled here.
        if (SPConstants.USERNAME_TOKEN.equals(child.getLocalName()) && WSS4JConstants.WSSE_NS.equals(child.getNamespaceURI())) {
            try {
                boolean bspCompliant = isWsiBSPCompliant(message);
                Principal principal = null;
                Subject subject = null;
                Object transformedToken = null;
                if (utWithCallbacks) {
                    // Full validation: the engine result may carry a Subject, a transformed
                    // token (for example a SAML assertion) and a Principal.
                    final WSSecurityEngineResult result = validateToken(child, message);
                    subject = (Subject) result.get(WSSecurityEngineResult.TAG_SUBJECT);
                    transformedToken = result.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
                    principal = (Principal) result.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                    if (principal == null) {
                        principal = parseTokenAndCreatePrincipal(child, bspCompliant);
                    }
                } else {
                    // No validation: parse the token and hand the principal to the converter.
                    principal = parseTokenAndCreatePrincipal(child, bspCompliant);
                    WSS4JTokenConverter.convertToken(message, principal);
                }
                // Do not overwrite a SecurityContext that already holds a principal.
                SecurityContext sc = message.get(SecurityContext.class);
                if (sc == null || sc.getUserPrincipal() == null) {
                    if (transformedToken instanceof SamlAssertionWrapper) {
                        message.put(SecurityContext.class, createSecurityContext(message, (SamlAssertionWrapper) transformedToken));
                    } else if (subject != null && principal != null) {
                        message.put(SecurityContext.class, createSecurityContext(principal, subject));
                    } else {
                        // Build a Subject from the UsernameToken fields (nonce re-encoded as Base64).
                        UsernameTokenPrincipal utPrincipal = (UsernameTokenPrincipal) principal;
                        String nonce = null;
                        if (utPrincipal.getNonce() != null) {
                            nonce = Base64.getMimeEncoder().encodeToString(utPrincipal.getNonce());
                        }
                        subject = createSubject(utPrincipal.getName(), utPrincipal.getPassword(), utPrincipal.isPasswordDigest(), nonce, utPrincipal.getCreatedTime());
                        message.put(SecurityContext.class, createSecurityContext(utPrincipal, subject));
                    }
                }
                if (principal instanceof UsernameTokenPrincipal) {
                    storeResults((UsernameTokenPrincipal) principal, subject, message);
                }
            } catch (WSSecurityException ex) {
                // Validation or parsing failures become SOAP faults.
                throw new Fault(ex);
            } catch (Base64DecodingException ex) {
                throw new Fault(ex);
            }
        }
        child = DOMUtils.getNextElement(child);
    }
}
Also used: Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Fault(org.apache.cxf.interceptor.Fault) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) Subject(javax.security.auth.Subject) Base64DecodingException(org.apache.xml.security.exceptions.Base64DecodingException) Header(org.apache.cxf.headers.Header) UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) Principal(java.security.Principal)

Example 38 with SecurityContext

Use of org.apache.cxf.security.SecurityContext in project cxf by apache.

From class AbstractUsernameTokenAuthenticatingInterceptor, method handleMessage.

@Override
public void handleMessage(SoapMessage msg) throws Fault {
    SecurityToken token = msg.get(SecurityToken.class);
    SecurityContext context = msg.get(SecurityContext.class);
    // Without a token and an already-authenticated principal there is nothing to
    // enrich; defer to the parent interceptor.
    if (token == null || context == null || context.getUserPrincipal() == null) {
        super.handleMessage(msg);
        return;
    }
    UsernameToken ut = (UsernameToken) token;
    // Build a JAAS Subject from the UsernameToken and replace the SecurityContext
    // with one that keeps the existing principal but carries that Subject.
    Subject subject = createSubject(ut.getName(), ut.getPassword(), ut.isHashed(), ut.getNonce(), ut.getCreatedTime());
    SecurityContext sc = doCreateSecurityContext(context.getUserPrincipal(), subject);
    msg.put(SecurityContext.class, sc);
}
Also used: SecurityToken(org.apache.cxf.common.security.SecurityToken) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) UsernameToken(org.apache.cxf.common.security.UsernameToken) Subject(javax.security.auth.Subject)

Example 39 with SecurityContext

Use of org.apache.cxf.security.SecurityContext in project cxf by apache.

From class BinarySecurityTokenInterceptor, method processToken.

protected void processToken(SoapMessage message) {
    Header h = findSecurityHeader(message, false);
    if (h == null) {
        return;
    }
    Element el = (Element) h.getObject();
    Element child = DOMUtils.getFirstElement(el);
    while (child != null) {
        // Only wsse:BinarySecurityToken elements in the WS-Security namespace are handled here.
        if (WSS4JConstants.BINARY_TOKEN_LN.equals(child.getLocalName()) && WSS4JConstants.WSSE_NS.equals(child.getNamespaceURI())) {
            try {
                List<WSSecurityEngineResult> bstResults = processToken(child, message);
                if (bstResults != null) {
                    // Record the engine results on the message so later assertions can see them.
                    List<WSHandlerResult> results = CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
                    if (results == null) {
                        results = new ArrayList<>();
                        message.put(WSHandlerConstants.RECV_RESULTS, results);
                    }
                    WSHandlerResult rResult = new WSHandlerResult(null, bstResults, Collections.singletonMap(WSConstants.BST, bstResults));
                    results.add(0, rResult);
                    // Check the results against the security policy before trusting the principal.
                    assertTokens(message);
                    Principal principal = (Principal) bstResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
                    // Only set a SecurityContext if none with a principal exists yet.
                    SecurityContext sc = message.get(SecurityContext.class);
                    if (sc == null || sc.getUserPrincipal() == null) {
                        message.put(SecurityContext.class, new DefaultSecurityContext(principal, null));
                    }
                }
            } catch (WSSecurityException ex) {
                throw WSS4JUtils.createSoapFault(message, message.getVersion(), ex);
            }
        }
        child = DOMUtils.getNextElement(child);
    }
}
Also used: DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) Header(org.apache.cxf.headers.Header) Element(org.w3c.dom.Element) SecurityContext(org.apache.cxf.security.SecurityContext) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) WSHandlerResult(org.apache.wss4j.dom.handler.WSHandlerResult) Principal(java.security.Principal)

Example 40 with SecurityContext

Use of org.apache.cxf.security.SecurityContext in project cxf by apache.

From class DefaultWSS4JSecurityContextCreator, method createSecurityContext.

/**
 * Create a SecurityContext and store it on the SoapMessage parameter
 */
public void createSecurityContext(SoapMessage msg, WSHandlerResult handlerResult) {
    // Both opt-ins default to false: unsigned SAML assertions and UsernameTokens
    // without a password do not yield a principal unless explicitly enabled.
    boolean allowUnsignedSamlPrincipals = SecurityUtils.getSecurityPropertyBoolean(SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, msg, false);
    boolean allowUTNoPassword = SecurityUtils.getSecurityPropertyBoolean(SecurityConstants.ENABLE_UT_NOPASSWORD_PRINCIPAL, msg, false);
    boolean useJAASSubject = true;
    String useJAASSubjectStr = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SC_FROM_JAAS_SUBJECT, msg);
    if (useJAASSubjectStr != null) {
        useJAASSubject = Boolean.parseBoolean(useJAASSubjectStr);
    }
    // Now go through the results in a certain order to set up a security context. Highest priority is first.
    Map<Integer, List<WSSecurityEngineResult>> actionResults = handlerResult.getActionResults();
    for (Integer resultPriority : securityPriorities) {
        // Skip the weaker token kinds unless the corresponding property allows them.
        if ((resultPriority == WSConstants.ST_UNSIGNED && !allowUnsignedSamlPrincipals) || (resultPriority == WSConstants.UT_NOPASSWORD && !allowUTNoPassword)) {
            continue;
        }
        List<WSSecurityEngineResult> foundResults = actionResults.get(resultPriority);
        if (foundResults != null && !foundResults.isEmpty()) {
            for (WSSecurityEngineResult result : foundResults) {
                if (!skipResult(resultPriority, result)) {
                    // The first result that yields a context wins; lower priorities are not consulted.
                    SecurityContext context = createSecurityContext(msg, useJAASSubject, result);
                    if (context != null) {
                        msg.put(SecurityContext.class, context);
                        return;
                    }
                }
            }
        }
    }
}
Also used: SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) ArrayList(java.util.ArrayList) List(java.util.List) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult)

Aggregations

SecurityContext (org.apache.cxf.security.SecurityContext)74 Principal (java.security.Principal)26 Message (org.apache.cxf.message.Message)16 Subject (javax.security.auth.Subject)13 WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)12 DefaultSecurityContext (org.apache.cxf.interceptor.security.DefaultSecurityContext)11 SimplePrincipal (org.apache.cxf.common.security.SimplePrincipal)10 Test (org.junit.Test)10 ArrayList (java.util.ArrayList)9 SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext)9 WSHandlerResult (org.apache.wss4j.dom.handler.WSHandlerResult)9 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)8 LoginSecurityContext (org.apache.cxf.security.LoginSecurityContext)7 QName (javax.xml.namespace.QName)6 SecurityToken (org.apache.cxf.common.security.SecurityToken)6 MessageImpl (org.apache.cxf.message.MessageImpl)6 HashMap (java.util.HashMap)5 UserSubject (org.apache.cxf.rs.security.oauth2.common.UserSubject)5 Element (org.w3c.dom.Element)5 HttpServletRequest (javax.servlet.http.HttpServletRequest)4