
Example 41 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

Class WSS4JPrincipalInterceptor, method handleMessage.

@Override
public void handleMessage(SoapMessage message) throws Fault {
    // Gate the message on an authenticated caller: an upstream interceptor must already have
    // stored a SecurityContext with a non-null principal. When principalName is configured,
    // the caller must additionally be exactly that principal; null means "anyone authenticated".
    // NOTE(review): all three rejections use FAULT_CODE_SERVER although they describe a caller
    // problem (not authenticated / wrong identity) — kept as-is to preserve the wire behaviour.
    final SecurityContext securityContext = message.get(SecurityContext.class);
    if (securityContext == null) {
        throw new SoapFault("No Security Context", Fault.FAULT_CODE_SERVER);
    }
    final Principal authenticated = securityContext.getUserPrincipal();
    if (authenticated == null) {
        throw new SoapFault("No Security Principal", Fault.FAULT_CODE_SERVER);
    }
    final boolean nameMismatch =
        principalName != null && !principalName.equals(authenticated.getName());
    if (nameMismatch) {
        throw new SoapFault("Security Principal does not match", Fault.FAULT_CODE_SERVER);
    }
}
Also used : SoapFault(org.apache.cxf.binding.soap.SoapFault) SecurityContext(org.apache.cxf.security.SecurityContext) Principal(java.security.Principal)

Example 42 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

Class SamlTokenTest, method testUnsignedSaml1TokenWithPrincipal.

@Test
public void testUnsignedSaml1TokenWithPrincipal() throws Exception {
    // The SecurityContext built from the SAML 1.1 token must expose the caller as a
    // SAMLTokenPrincipal (i.e. the principal carries the assertion, not just a name).
    final SecurityContext ctx = testSaml1Token(true);
    final Object userPrincipal = ctx.getUserPrincipal();
    assertTrue("expected a SAMLTokenPrincipal but got " + userPrincipal,
               userPrincipal instanceof SAMLTokenPrincipal);
}
Also used : SAMLTokenPrincipal(org.apache.wss4j.common.principal.SAMLTokenPrincipal) SecurityContext(org.apache.cxf.security.SecurityContext) AbstractSecurityTest(org.apache.cxf.ws.security.wss4j.AbstractSecurityTest) Test(org.junit.Test)

Example 43 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

Class SamlTokenTest, method testSaml1TokenWithRoles.

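/**
 * This test creates a SAML1 Assertion and sends it in the security header to the provider.
 *
 * <p>Sender side: a signed ({@code setSignAssertion(true)}) SAML 1.1 attribute statement with
 * a bearer confirmation method is attached via the {@code SAML_TOKEN_UNSIGNED} action.
 * Receiver side: the {@code SAML_TOKEN_SIGNED} action plus a {@code CustomSamlValidator}
 * that insists on a SAML 1.1 bearer assertion. The test then checks that the roles carried
 * in the assertion are exposed through the resulting SecurityContext and that the received
 * assertion is recognised as signed.
 */
@Test
public void testSaml1TokenWithRoles() throws Exception {
    Map<String, Object> outProperties = new HashMap<>();
    outProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED);
    outProperties.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
    outProperties.put(ConfigurationConstants.USER, "alice");
    outProperties.put("password", "password");
    outProperties.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");
    SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
    callbackHandler.setSignAssertion(true);
    callbackHandler.setStatement(Statement.ATTR);
    // Bearer is the only confirmation method this test intends (the validator below requires
    // it). The original first set CONF_HOLDER_KEY and then immediately overrode it here; the
    // dead call has been dropped so the intended confirmation method is unambiguous.
    callbackHandler.setConfirmationMethod(SAML1Constants.CONF_BEARER);
    outProperties.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);
    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
    inProperties.put(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties");
    // Same validator instance for both SAML 1.1 and SAML 2.0 token elements; it is configured
    // to accept only SAML 1.1 bearer assertions, so a SAML 2.0 token would be rejected.
    final Map<QName, Object> customMap = new HashMap<>();
    CustomSamlValidator validator = new CustomSamlValidator();
    validator.setRequireSAML1Assertion(true);
    validator.setRequireSenderVouches(false);
    validator.setRequireBearer(true);
    customMap.put(WSConstants.SAML_TOKEN, validator);
    customMap.put(WSConstants.SAML2_TOKEN, validator);
    inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
    // The outbound message must contain a Security header with a SAML 1.1 Assertion inside it.
    List<String> xpaths = new ArrayList<>();
    xpaths.add("//wsse:Security");
    xpaths.add("//wsse:Security/saml1:Assertion");
    Map<String, String> inMessageProperties = new HashMap<>();
    // NOTE(review): switches off the receiver's SAML subject-confirmation validation —
    // presumably so the bearer assertion is accepted without further confirmation. This is
    // test-only configuration; do not copy it into production settings.
    inMessageProperties.put(SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, "false");
    Message message = makeInvocation(outProperties, xpaths, inProperties, inMessageProperties);
    final List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
    // Fail with a clear assertion rather than an NPE below if WSS4J produced no results.
    assertNotNull(handlerResults);
    assertTrue(!handlerResults.isEmpty());
    SecurityContext sc = message.get(SecurityContext.class);
    assertNotNull(sc);
    assertTrue(sc.isUserInRole("user"));
    assertTrue(sc.isUserInRole("admin"));
    // The receiver must have processed the token under the *signed* SAML action and kept
    // the parsed SAML 1.1 assertion, whose signature status must be "signed".
    WSSecurityEngineResult actionResult = handlerResults.get(0).getActionResults().get(WSConstants.ST_SIGNED).get(0);
    SamlAssertionWrapper receivedAssertion = (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertTrue(receivedAssertion != null && receivedAssertion.getSaml1() != null);
    assertTrue(receivedAssertion.isSigned());
}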
Also used : Message(org.apache.cxf.message.Message) SoapMessage(org.apache.cxf.binding.soap.SoapMessage) SOAPMessage(javax.xml.soap.SOAPMessage) HashMap(java.util.HashMap) QName(javax.xml.namespace.QName) ArrayList(java.util.ArrayList) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSHandlerResult(org.apache.wss4j.dom.handler.WSHandlerResult) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) SecurityContext(org.apache.cxf.security.SecurityContext) AbstractSecurityTest(org.apache.cxf.ws.security.wss4j.AbstractSecurityTest) Test(org.junit.Test)

Example 44 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

Class CustomWSS4JSecurityContextCreator, method createSecurityContext.

/**
 * Create a SecurityContext and store it on the SoapMessage parameter
 *
 * <p>A context is created only when BOTH of the following are present in the WSS4J
 * results: an asymmetric signature action ({@code WSConstants.SIGN}) whose result exposes a
 * public key or X.509 certificate, and a signed SAML action ({@code WSConstants.ST_SIGNED})
 * carrying a {@code SamlAssertionWrapper}. The principal is taken from the signature; the
 * roles and claims are taken from the assertion. If either part is missing the method returns
 * without modifying {@code msg}.
 *
 * @param msg           the inbound message; receives the SecurityContext on success
 * @param handlerResult the WSS4J processing results for {@code msg}
 */
public void createSecurityContext(SoapMessage msg, WSHandlerResult handlerResult) {
    Map<Integer, List<WSSecurityEngineResult>> actionResults = handlerResult.getActionResults();
    Principal asymmetricPrincipal = null;
    // Get Asymmetric Signature action
    List<WSSecurityEngineResult> foundResults = actionResults.get(WSConstants.SIGN);
    if (foundResults != null && !foundResults.isEmpty()) {
        for (WSSecurityEngineResult result : foundResults) {
            PublicKey publickey = (PublicKey) result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
            X509Certificate cert = (X509Certificate) result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
            // Only signature results that expose a public key or certificate count here.
            if (publickey == null && cert == null) {
                continue;
            }
            // Delegates to an overload (not shown in this listing) that builds a context from a
            // single result; the first result that yields a principal wins.
            SecurityContext context = createSecurityContext(msg, true, result);
            if (context != null && context.getUserPrincipal() != null) {
                asymmetricPrincipal = context.getUserPrincipal();
                break;
            }
        }
    }
    // We must have an asymmetric principal
    if (asymmetricPrincipal == null) {
        return;
    }
    // Get signed SAML action
    SAMLSecurityContext context = null;
    foundResults = actionResults.get(WSConstants.ST_SIGNED);
    if (foundResults != null && !foundResults.isEmpty()) {
        for (WSSecurityEngineResult result : foundResults) {
            // Prefer the transformed token when one was recorded, else the raw SAML assertion.
            Object receivedAssertion = result.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
            if (receivedAssertion == null) {
                receivedAssertion = result.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
            }
            if (receivedAssertion instanceof SamlAssertionWrapper) {
                // The role attribute name is configurable per message; fall back to the
                // WSS4JInInterceptor default when unset or empty.
                String roleAttributeName = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
                if (roleAttributeName == null || roleAttributeName.length() == 0) {
                    roleAttributeName = WSS4JInInterceptor.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
                }
                ClaimCollection claims = SAMLUtils.getClaims((SamlAssertionWrapper) receivedAssertion);
                Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null);
                // NOTE(review): the roles/claims of this assertion are bound to the signature
                // principal without comparing the assertion's subject (or holder-of-key
                // material) against the signing certificate in this method. Whether an
                // upstream WSS4J/policy check already enforces that binding is not visible from
                // this class — confirm before reusing this creator outside the test suite.
                context = new SAMLSecurityContext(asymmetricPrincipal, roles, claims);
                context.setIssuer(SAMLUtils.getIssuer(receivedAssertion));
                context.setAssertionElement(SAMLUtils.getAssertionElement(receivedAssertion));
                break;
            }
        }
    }
    // Only publish a context when both the signature principal and a SAML assertion were found.
    if (context != null) {
        msg.put(SecurityContext.class, context);
    }
}
Also used : PublicKey(java.security.PublicKey) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) X509Certificate(java.security.cert.X509Certificate) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) List(java.util.List) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) Principal(java.security.Principal)

Example 45 with SecurityContext

use of org.apache.cxf.security.SecurityContext in project cxf by apache.

Class JAXRSIntermediaryPortTypeImpl, method doubleIt.

public int doubleIt(int numberToDouble) {
    // Build a JAX-WS client for the SAML2-over-transport port declared in DoubleIt.wsdl.
    final URL wsdl = JAXRSIntermediaryPortTypeImpl.class.getResource("DoubleIt.wsdl");
    final Service service = Service.create(wsdl, SERVICE_QNAME);
    final DoubleItPortType transportPort =
        service.getPort(new QName(NAMESPACE, "DoubleItTransportSAML2Port"), DoubleItPortType.class);
    try {
        updateAddressPort(transportPort, KerberosDelegationTokenTest.PORT);
    } catch (Exception ex) {
        // Best-effort: if the address cannot be rewritten the call below still proceeds.
        ex.printStackTrace();
    }
    // If the inbound caller authenticated with Kerberos, forward the credential it delegated to
    // this intermediary so the downstream call is made on the caller's behalf.
    final SecurityContext inbound = PhaseInterceptorChain.getCurrentMessage().get(SecurityContext.class);
    if (inbound instanceof KerberosSecurityContext) {
        propagateDelegatedCredential((KerberosSecurityContext) inbound, transportPort);
    }
    return transportPort.doubleIt(numberToDouble);
}

/**
 * Copies the delegated GSS credential from the inbound Kerberos context onto the outbound
 * request context under {@code SecurityConstants.DELEGATED_CREDENTIAL}.
 *
 * NOTE(review): a GSSException is only printed — the outbound call then goes out without a
 * delegated credential rather than failing fast. A null credential (delegation not granted)
 * is stored as-is; whether downstream treats null as "absent" is not visible here.
 */
private static void propagateDelegatedCredential(KerberosSecurityContext ksc, DoubleItPortType port) {
    try {
        final GSSCredential delegated = ksc.getGSSContext().getDelegCred();
        ((BindingProvider) port).getRequestContext().put(SecurityConstants.DELEGATED_CREDENTIAL, delegated);
    } catch (GSSException e) {
        e.printStackTrace();
    }
}
Also used : KerberosSecurityContext(org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter.KerberosSecurityContext) QName(javax.xml.namespace.QName) WebService(javax.jws.WebService) Service(javax.xml.ws.Service) BindingProvider(javax.xml.ws.BindingProvider) URL(java.net.URL) GSSException(org.ietf.jgss.GSSException) GSSException(org.ietf.jgss.GSSException) GSSCredential(org.ietf.jgss.GSSCredential) SecurityContext(org.apache.cxf.security.SecurityContext) KerberosSecurityContext(org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter.KerberosSecurityContext) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType)
