
Example 26 with AssertionInfoMap

use of org.apache.cxf.ws.policy.AssertionInfoMap in project cxf by apache.

the class UsernameTokenInterceptor method assertTokens.

/**
 * Marks the UsernameToken-related policy assertions on {@code message} as asserted
 * and then delegates to the generic {@code assertTokens} overload for the
 * {@code UsernameToken} assertion itself.
 *
 * @param message the inbound SOAP message whose {@link AssertionInfoMap} is updated
 * @return the result of the generic overload, cast to {@link UsernameToken}
 */
protected UsernameToken assertTokens(SoapMessage message) {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    // Local names of the nested UsernameToken assertions that are recorded as asserted here.
    String[] nestedAssertions = {
        SPConstants.USERNAME_TOKEN10,
        SPConstants.USERNAME_TOKEN11,
        SPConstants.HASH_PASSWORD,
        SPConstants.NO_PASSWORD,
        SP13Constants.NONCE,
        SP13Constants.CREATED
    };
    for (String localName : nestedAssertions) {
        PolicyUtils.assertPolicy(aim, localName);
    }
    // The trailing flag is forwarded unchanged to the overload; presumably it means
    // "token required" — confirm against the overload's contract.
    return (UsernameToken) assertTokens(message, SPConstants.USERNAME_TOKEN, true);
}

Example 27 with AssertionInfoMap

use of org.apache.cxf.ws.policy.AssertionInfoMap in project cxf by apache.

the class SamlTokenInterceptor method assertTokens.

/**
 * Marks the SAML token version assertions on {@code message} as asserted and then
 * delegates to the generic {@code assertTokens} overload for the {@code SamlToken}
 * assertion itself.
 *
 * @param message the inbound SOAP message whose {@link AssertionInfoMap} is updated
 * @return the token assertion returned by the generic overload
 */
protected AbstractToken assertTokens(SoapMessage message) {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    // Local names of the SAML version assertions recorded as asserted here.
    String[] versionAssertions = {
        "WssSamlV11Token10",
        "WssSamlV11Token11",
        "WssSamlV20Token11"
    };
    for (String localName : versionAssertions) {
        PolicyUtils.assertPolicy(aim, localName);
    }
    // The trailing flag is forwarded unchanged to the overload; presumably it means
    // "token required" — confirm against the overload's contract.
    return assertTokens(message, SPConstants.SAML_TOKEN, true);
}

Example 28 with AssertionInfoMap

use of org.apache.cxf.ws.policy.AssertionInfoMap in project cxf by apache.

the class SamlTokenInterceptor method processToken.

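/**
 * Processes every SAML {@code Assertion} element found in the WS-Security header of
 * {@code message}: each assertion is handed to the token-level {@code processToken}
 * overload, the results are published under {@code WSHandlerConstants.RECV_RESULTS},
 * the SAML token policy assertions are checked against the received assertions, and
 * a {@link SecurityContext} is established when a signed assertion was received.
 *
 * <p>Refactored from a single nested loop: the TLS peer-certificate lookup is now done
 * once per message instead of once per (policy assertion, result) pair, the dead
 * {@code continue} statements at the end of the inner loop were dropped, and the
 * distinct steps live in private helpers.
 *
 * @param message the inbound SOAP message; returns silently when it has no security header
 * @throws org.apache.cxf.binding.soap.SoapFault (via {@code WSS4JUtils.createSoapFault})
 *         if token processing fails with a {@link WSSecurityException}
 */
protected void processToken(SoapMessage message) {
    Header h = findSecurityHeader(message, false);
    if (h == null) {
        return;
    }
    Element el = (Element) h.getObject();
    for (Element child = DOMUtils.getFirstElement(el); child != null; child = DOMUtils.getNextElement(child)) {
        if (!isSamlAssertionElement(child)) {
            continue;
        }
        try {
            List<WSSecurityEngineResult> samlResults = processToken(child, message);
            if (samlResults != null) {
                recordSamlResults(message, samlResults);
            }
        } catch (WSSecurityException ex) {
            // Surface processing failures to the client as a SOAP fault for this SOAP version.
            throw WSS4JUtils.createSoapFault(message, message.getVersion(), ex);
        }
    }
}

/**
 * Returns whether {@code child} is a SAML 1.1 or SAML 2.0 {@code Assertion} element.
 *
 * @param child a child element of the security header
 * @return {@code true} for an {@code Assertion} element in the SAML 1.1 or SAML 2.0 namespace
 */
private static boolean isSamlAssertionElement(Element child) {
    if (!"Assertion".equals(child.getLocalName())) {
        return false;
    }
    String ns = child.getNamespaceURI();
    return WSS4JConstants.SAML_NS.equals(ns) || WSS4JConstants.SAML2_NS.equals(ns);
}

/**
 * Returns whether at least one of the results carries a signed SAML assertion.
 *
 * @param samlResults results produced for one {@code Assertion} element
 * @return {@code true} if any result's {@code TAG_SAML_ASSERTION} reports {@code isSigned()}
 */
private static boolean hasSignedAssertion(List<WSSecurityEngineResult> samlResults) {
    for (WSSecurityEngineResult result : samlResults) {
        SamlAssertionWrapper wrapper = (SamlAssertionWrapper) result.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        if (wrapper.isSigned()) {
            return true;
        }
    }
    return false;
}

/**
 * Publishes {@code samlResults} on the message, evaluates the SAML token policy and,
 * for a signed assertion, establishes the caller's {@link SecurityContext}.
 *
 * @param message     the inbound SOAP message
 * @param samlResults non-null results produced for one {@code Assertion} element
 * @throws WSSecurityException if any of the underlying checks reports a security failure
 */
private void recordSamlResults(SoapMessage message, List<WSSecurityEngineResult> samlResults)
    throws WSSecurityException {
    List<WSHandlerResult> results = CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
    if (results == null) {
        results = new ArrayList<>();
        message.put(WSHandlerConstants.RECV_RESULTS, results);
    }
    boolean signed = hasSignedAssertion(samlResults);
    // The signed flag is forwarded to the generic token assertion; its exact effect is
    // defined by that overload.
    assertTokens(message, SPConstants.SAML_TOKEN, signed);
    Integer key = signed ? WSConstants.ST_SIGNED : WSConstants.ST_UNSIGNED;
    WSHandlerResult rResult = new WSHandlerResult(null, samlResults, Collections.singletonMap(key, samlResults));
    // Prepended, so this handler result is the first one later interceptors see.
    results.add(0, rResult);
    checkSamlResultsAgainstPolicy(message, samlResults);
    if (signed) {
        // Only a signed assertion may establish the caller principal, and an existing
        // principal on the message is never overwritten.
        Principal principal = (Principal) samlResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
        SecurityContext sc = message.get(SecurityContext.class);
        if (sc == null || sc.getUserPrincipal() == null) {
            message.put(SecurityContext.class, new DefaultSecurityContext(principal, null));
        }
    }
}

/**
 * Checks every received SAML assertion against every {@code SamlToken} policy assertion
 * on the message: version, holder-of-key and sender-vouches requirements. Failures are
 * recorded with {@link AssertionInfo#setNotAsserted(String)}; enforcement of the
 * recorded outcome is presumably left to the policy verification stage — confirm.
 *
 * @param message     the inbound SOAP message (source of the policy map and TLS session info)
 * @param samlResults results produced for one {@code Assertion} element
 */
private void checkSamlResultsAgainstPolicy(SoapMessage message, List<WSSecurityEngineResult> samlResults) {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    // The TLS peer certificates do not depend on the assertion being checked; fetch once.
    TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
    Certificate[] tlsCerts = tlsInfo != null ? tlsInfo.getPeerCertificates() : null;
    for (AssertionInfo ai : PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SAML_TOKEN)) {
        SamlToken samlToken = (SamlToken) ai.getAssertion();
        for (WSSecurityEngineResult result : samlResults) {
            SamlAssertionWrapper assertionWrapper = (SamlAssertionWrapper) result.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
            if (!checkVersion(aim, samlToken, assertionWrapper)) {
                ai.setNotAsserted("Wrong SAML Version");
            }
            // A version mismatch does not skip the subject-confirmation checks below.
            if (!DOMSAMLUtil.checkHolderOfKey(assertionWrapper, null, tlsCerts)) {
                ai.setNotAsserted("Assertion fails holder-of-key requirements");
            } else if (!DOMSAMLUtil.checkSenderVouches(assertionWrapper, tlsCerts, null, null)) {
                ai.setNotAsserted("Assertion fails sender-vouches requirements");
            }
        }
    }
}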

Example 29 with AssertionInfoMap

use of org.apache.cxf.ws.policy.AssertionInfoMap in project cxf by apache.

the class AbstractCommonBindingHandler method unassertPolicy.

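/**
 * Records {@code assertion} as <em>not</em> asserted in the message's
 * {@link AssertionInfoMap} and fails the exchange if the assertion is mandatory.
 *
 * <p>Unlike the previous version, a message without an {@link AssertionInfoMap} no
 * longer causes a {@link NullPointerException}: the outcome simply cannot be recorded,
 * but a mandatory assertion still fails the message.
 *
 * @param assertion the policy assertion that could not be satisfied; {@code null} is ignored
 * @param reason    explanation stored on each matching {@link AssertionInfo} and passed
 *                  to the i18n {@link Message} of the thrown exception
 * @throws PolicyException if {@code assertion} is not optional
 */
protected void unassertPolicy(Assertion assertion, String reason) {
    if (assertion == null) {
        return;
    }
    if (LOG.isLoggable(Level.FINE)) {
        LOG.log(Level.FINE, "Not asserting " + assertion.getName() + ": " + reason);
    }
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    Collection<AssertionInfo> ais = aim == null ? null : aim.get(assertion.getName());
    if (ais != null) {
        // Only entries wrapping this exact assertion instance are marked; other
        // assertions registered under the same name are left untouched.
        for (AssertionInfo ai : ais) {
            if (ai.getAssertion() == assertion) {
                ai.setNotAsserted(reason);
            }
        }
    }
    // A mandatory assertion that cannot be satisfied must fail the message, whether
    // or not there was a map to record the outcome in.
    if (!assertion.isOptional()) {
        throw new PolicyException(new Message(reason, LOG));
    }
}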

Example 30 with AssertionInfoMap

use of org.apache.cxf.ws.policy.AssertionInfoMap in project cxf by apache.

the class AbstractCommonBindingHandler method assertPolicy.

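/**
 * Records {@code assertion} as asserted in the message's {@link AssertionInfoMap}.
 *
 * <p>Unlike the previous version, a message without an {@link AssertionInfoMap} is
 * tolerated (nothing is recorded) instead of raising a {@link NullPointerException}.
 *
 * @param assertion the policy assertion that has been satisfied; {@code null} is ignored
 */
protected void assertPolicy(Assertion assertion) {
    if (assertion == null) {
        return;
    }
    if (LOG.isLoggable(Level.FINE)) {
        LOG.log(Level.FINE, "Asserting " + assertion.getName());
    }
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    Collection<AssertionInfo> ais = aim == null ? null : aim.get(assertion.getName());
    if (ais != null) {
        // Only entries wrapping this exact assertion instance are marked; other
        // assertions registered under the same name are left untouched.
        for (AssertionInfo ai : ais) {
            if (ai.getAssertion() == assertion) {
                ai.setAsserted(true);
            }
        }
    }
}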
