
Example 36 with AssertionInfoMap

use of org.apache.cxf.ws.policy.AssertionInfoMap in project cxf by apache.

Method handleBinding of the class StaxAsymmetricBindingHandler.

/**
 * Handles the asymmetric binding for the current message: applies any contextual
 * signature-algorithm overrides to the binding's algorithm suite, runs the encrypt and
 * sign steps in the order given by the binding's {@code ProtectionOrder}, and asserts
 * the binding-related policy assertions (layout, algorithm suite, WSS/Trust properties,
 * "only sign entire headers and body" and, when enabled, "protect tokens").
 */
public void handleBinding() {
    AssertionInfoMap aim = getMessage().get(AssertionInfoMap.class);
    configureTimestamp(aim);
    assertPolicy(abinding.getName());

    // Contextual properties may override the signature algorithms declared by the
    // policy's algorithm suite; the override is only applied when a suite is present.
    boolean hasSuite = abinding.getAlgorithmSuite() != null;
    String asymAlgorithm = (String) getMessage().getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
    if (asymAlgorithm != null && hasSuite) {
        abinding.getAlgorithmSuite().getAlgorithmSuiteType().setAsymmetricSignature(asymAlgorithm);
    }
    String symAlgorithm = (String) getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
    if (symAlgorithm != null && hasSuite) {
        abinding.getAlgorithmSuite().getAlgorithmSuiteType().setSymmetricSignature(symAlgorithm);
    }

    String namespace = abinding.getName().getNamespaceURI();
    boolean encryptFirst = abinding.getProtectionOrder()
        == AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning;
    if (encryptFirst) {
        doEncryptBeforeSign();
    } else {
        doSignBeforeEncrypt();
    }
    // Assert the protection-order assertion that matches the step just performed.
    String orderAssertion = encryptFirst ? SPConstants.ENCRYPT_BEFORE_SIGNING : SPConstants.SIGN_BEFORE_ENCRYPTING;
    assertPolicy(new QName(namespace, orderAssertion));

    configureLayout(aim);
    assertAlgorithmSuite(abinding.getAlgorithmSuite());
    assertWSSProperties(namespace);
    assertTrustProperties(namespace);
    assertPolicy(new QName(namespace, SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
    if (abinding.isProtectTokens()) {
        assertPolicy(new QName(namespace, SPConstants.PROTECT_TOKENS));
    }
}

Example 37 with AssertionInfoMap

use of org.apache.cxf.ws.policy.AssertionInfoMap in project cxf by apache.

Method handleBinding of the class StaxTransportBindingHandler.

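/**
 * Handles the transport binding for the current message.
 *
 * <p>On the requestor side the binding name is asserted, contextual signature-algorithm
 * overrides are applied to the binding's algorithm suite, an issued transport token is
 * added from the security token store, and both the non-endorsing and the endorsing
 * supporting tokens are handled. On the non-requestor side the non-endorsing supporting
 * tokens are handled, the endorsing ones only when a transport token is present, and a
 * signature confirmation is added. Finally the layout, the algorithm suite, the WSS/Trust
 * properties and the signed/encrypted parts assertions are asserted.
 *
 * <p>Token-store and supporting-token failures are logged at FINE and rethrown as
 * {@link Fault}.
 */
public void handleBinding() {
    AssertionInfoMap aim = getMessage().get(AssertionInfoMap.class);
    configureTimestamp(aim);
    if (this.isRequestor()) {
        if (tbinding != null) {
            assertPolicy(tbinding.getName());
            // Contextual properties may override the signature algorithms declared by the
            // policy's algorithm suite; the override is only applied when a suite is present.
            String asymSignatureAlgorithm = (String) getMessage().getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
            if (asymSignatureAlgorithm != null && tbinding.getAlgorithmSuite() != null) {
                tbinding.getAlgorithmSuite().getAlgorithmSuiteType().setAsymmetricSignature(asymSignatureAlgorithm);
            }
            String symSignatureAlgorithm = (String) getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
            if (symSignatureAlgorithm != null && tbinding.getAlgorithmSuite() != null) {
                tbinding.getAlgorithmSuite().getAlgorithmSuiteType().setSymmetricSignature(symSignatureAlgorithm);
            }
            TransportToken token = tbinding.getTransportToken();
            // Guard against a binding without a transport token, as the non-requestor branch
            // below already does, instead of failing with a NullPointerException.
            if (token != null) {
                if (token.getToken() instanceof IssuedToken) {
                    try {
                        SecurityToken secToken = getSecurityToken();
                        if (secToken == null) {
                            // Nothing to add: leave the token policy unasserted and stop here.
                            unassertPolicy(token.getToken(), "No transport token id");
                            return;
                        }
                        addIssuedToken(token.getToken(), secToken, false, false);
                    } catch (TokenStoreException e) {
                        LOG.log(Level.FINE, e.getMessage(), e);
                        throw new Fault(e);
                    }
                }
                assertToken(token.getToken());
                assertTokenWrapper(token);
            }
        }
        try {
            handleNonEndorsingSupportingTokens(aim);
            handleEndorsingSupportingTokens(aim);
        } catch (Exception e) {
            LOG.log(Level.FINE, e.getMessage(), e);
            throw new Fault(e);
        }
    } else {
        try {
            handleNonEndorsingSupportingTokens(aim);
        } catch (Exception e) {
            LOG.log(Level.FINE, e.getMessage(), e);
            throw new Fault(e);
        }
        if (tbinding != null) {
            assertPolicy(tbinding.getName());
            if (tbinding.getTransportToken() != null) {
                assertTokenWrapper(tbinding.getTransportToken());
                assertToken(tbinding.getTransportToken().getToken());
                try {
                    handleEndorsingSupportingTokens(aim);
                } catch (Exception e) {
                    LOG.log(Level.FINE, e.getMessage(), e);
                    throw new Fault(e);
                }
            }
        }
        addSignatureConfirmation(null);
    }
    configureLayout(aim);
    if (tbinding != null) {
        assertAlgorithmSuite(tbinding.getAlgorithmSuite());
        assertWSSProperties(tbinding.getName().getNamespaceURI());
        assertTrustProperties(tbinding.getName().getNamespaceURI());
    }
    // A transport binding carries no message-level signature/encryption of its own, so the
    // SignedParts/EncryptedParts assertions of both SP versions are asserted unconditionally.
    assertPolicy(SP12Constants.SIGNED_PARTS);
    assertPolicy(SP11Constants.SIGNED_PARTS);
    assertPolicy(SP12Constants.ENCRYPTED_PARTS);
    assertPolicy(SP11Constants.ENCRYPTED_PARTS);
    putCustomTokenAfterSignature();
}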

Example 38 with AssertionInfoMap

use of org.apache.cxf.ws.policy.AssertionInfoMap in project cxf by apache.

Method addSamlToken of the class SamlTokenInterceptor.

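/**
 * Builds the SAML assertion required by the given {@code SamlToken} policy assertion.
 *
 * <p>The SAML CallbackHandler is taken from the {@code SecurityConstants.SAML_CALLBACK_HANDLER}
 * property, either as an instance or as a class name to load. The SAML version passed to the
 * callback follows the token type and the matching policy assertions are asserted. When the
 * callback requests a signed assertion, the issuer key name, password and crypto are taken from
 * the callback first and fall back to the message's signature configuration.
 *
 * @param token the SamlToken policy assertion being satisfied
 * @param message the SOAP message whose security properties are consulted
 * @return the created assertion, or {@code null} when no SAML CallbackHandler is configured
 * @throws WSSecurityException if a configured handler class cannot be loaded or instantiated,
 *         or if a downstream SAML operation fails
 */
private SamlAssertionWrapper addSamlToken(SamlToken token, SoapMessage message) throws WSSecurityException {
    //
    // Get the SAML CallbackHandler
    //
    Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_CALLBACK_HANDLER, message);
    CallbackHandler handler = null;
    if (o instanceof CallbackHandler) {
        handler = (CallbackHandler) o;
    } else if (o instanceof String) {
        try {
            handler = (CallbackHandler) ClassLoaderUtils.loadClass((String) o, this.getClass())
                .getDeclaredConstructor().newInstance();
        } catch (ReflectiveOperationException | RuntimeException e) {
            // A handler that is configured but cannot be loaded is a misconfiguration;
            // report it with its cause rather than silently producing no token.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
        }
    }
    if (handler == null) {
        return null;
    }
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    SAMLCallback samlCallback = new SAMLCallback();
    SamlTokenType tokenType = token.getSamlTokenType();
    // The SAML version handed to the callback is derived from the policy's token type.
    if (tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11) {
        samlCallback.setSamlVersion(Version.SAML_11);
        PolicyUtils.assertPolicy(aim, "WssSamlV11Token10");
        PolicyUtils.assertPolicy(aim, "WssSamlV11Token11");
    } else if (tokenType == SamlTokenType.WssSamlV20Token11) {
        samlCallback.setSamlVersion(Version.SAML_20);
        PolicyUtils.assertPolicy(aim, "WssSamlV20Token11");
    }
    SAMLUtil.doSAMLCallback(handler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    if (samlCallback.isSignAssertion()) {
        String issuerName = samlCallback.getIssuerKeyName();
        if (issuerName == null) {
            String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
            issuerName = (String) SecurityUtils.getSecurityPropertyValue(userNameKey, message);
        }
        // Key password lookup order: callback, PASSWORD property, SIGNATURE_PASSWORD
        // property, then the password callback for the issuer name.
        String password = samlCallback.getIssuerKeyPassword();
        if (password == null) {
            password = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
            if (StringUtils.isEmpty(password)) {
                password = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PASSWORD, message);
            }
            if (StringUtils.isEmpty(password)) {
                password = getPassword(issuerName, token, WSPasswordCallback.SIGNATURE, message);
            }
        }
        Crypto crypto = samlCallback.getIssuerCrypto();
        if (crypto == null) {
            crypto = getCrypto(SecurityConstants.SIGNATURE_CRYPTO, SecurityConstants.SIGNATURE_PROPERTIES, message);
        }
        assertion.signAssertion(issuerName, password, crypto, samlCallback.isSendKeyValue(), samlCallback.getCanonicalizationAlgorithm(), samlCallback.getSignatureAlgorithm());
    }
    return assertion;
}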

Example 39 with AssertionInfoMap

use of org.apache.cxf.ws.policy.AssertionInfoMap in project cxf by apache.

Method addToken of the class SamlTokenInterceptor.

/**
 * Adds the SAML token required by the {@code SamlToken} policy assertion to the message's
 * security header. When no assertion could be built (e.g. because no SAML CallbackHandler is
 * configured), every currently asserted {@code SamlToken} assertion is marked as not asserted
 * instead, and a {@link WSSecurityException} is reported through {@code policyNotAsserted}.
 *
 * @param message the SOAP message to add the token to
 */
protected void addToken(SoapMessage message) {
    WSSConfig.init();
    SamlToken samlToken = (SamlToken) assertTokens(message);
    Header securityHeader = findSecurityHeader(message, true);
    try {
        SamlAssertionWrapper assertion = addSamlToken(samlToken, message);
        if (assertion == null) {
            // Nothing was added: revoke any SamlToken assertion that is still asserted.
            AssertionInfoMap aim = message.get(AssertionInfoMap.class);
            Collection<AssertionInfo> samlAssertions =
                PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SAML_TOKEN);
            for (AssertionInfo info : samlAssertions) {
                if (info.isAsserted()) {
                    info.setAsserted(false);
                }
            }
            return;
        }
        Element headerElement = (Element) DOMUtils.getDomElement((Element) securityHeader.getObject());
        headerElement.appendChild(assertion.toDOM(headerElement.getOwnerDocument()));
    } catch (WSSecurityException ex) {
        policyNotAsserted(samlToken, ex.getMessage(), message);
    }
}

Example 40 with AssertionInfoMap

use of org.apache.cxf.ws.policy.AssertionInfoMap in project cxf by apache.

Method assertPolicy of the class AbstractCommonBindingHandler.

/**
 * Marks the policy assertion with the given name as asserted in the message's
 * {@link AssertionInfoMap}.
 *
 * @param name the qualified name of the assertion to assert
 */
protected void assertPolicy(QName name) {
    PolicyUtils.assertPolicy(message.get(AssertionInfoMap.class), name);
}
