Search in sources :

Example 1 with EncodedString

use of org.apache.cxf.ws.security.sts.provider.model.secext.EncodedString in project cxf by apache.

the class UsernameTokenValidatorTest method testValidUsernameTokenDigest.

/**
 * Test a valid UsernameToken with password digest
 */
@org.junit.Test
public void testValidUsernameTokenDigest() throws Exception {
    TokenValidator usernameTokenValidator = new UsernameTokenValidator();
    TokenValidatorParameters validatorParameters = createValidatorParameters();
    TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
    // Create a ValidateTarget consisting of a UsernameToken
    UsernameTokenType usernameToken = new UsernameTokenType();
    AttributedString username = new AttributedString();
    username.setValue("alice");
    usernameToken.setUsername(username);
    JAXBElement<UsernameTokenType> tokenType = new JAXBElement<UsernameTokenType>(QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken);
    // Create a WSS4J UsernameToken
    Document doc = DOMUtils.createDocument();
    UsernameToken ut = new UsernameToken(true, doc, WSS4JConstants.PASSWORD_DIGEST);
    ut.setName("alice");
    ut.setPassword("clarinet");
    ut.addNonce(doc);
    ut.addCreated(true, doc);
    // Add a password
    PasswordString password = new PasswordString();
    password.setValue(ut.getPassword());
    password.setType(WSS4JConstants.PASSWORD_DIGEST);
    JAXBElement<PasswordString> passwordType = new JAXBElement<PasswordString>(QNameConstants.PASSWORD, PasswordString.class, password);
    usernameToken.getAny().add(passwordType);
    // Add a nonce
    EncodedString nonce = new EncodedString();
    nonce.setValue(ut.getNonce());
    nonce.setEncodingType(WSS4JConstants.SOAPMESSAGE_NS + "#Base64Binary");
    JAXBElement<EncodedString> nonceType = new JAXBElement<EncodedString>(QNameConstants.NONCE, EncodedString.class, nonce);
    usernameToken.getAny().add(nonceType);
    // Add Created value
    String created = ut.getCreated();
    Element createdElement = doc.createElementNS(WSS4JConstants.WSU_NS, "Created");
    createdElement.setAttributeNS(WSS4JConstants.XMLNS_NS, "xmlns", WSS4JConstants.WSU_NS);
    createdElement.setTextContent(created);
    usernameToken.getAny().add(createdElement);
    ReceivedToken validateTarget = new ReceivedToken(tokenType);
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);
    assertTrue(usernameTokenValidator.canHandleToken(validateTarget));
    TokenValidatorResponse validatorResponse = usernameTokenValidator.validateToken(validatorParameters);
    assertNotNull(validatorResponse);
    assertNotNull(validatorResponse.getToken());
    assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
    Principal principal = validatorResponse.getPrincipal();
    assertTrue(principal != null && principal.getName() != null);
    // Expected failure on a bad password
    password.setValue("badpassword");
    validatorResponse = usernameTokenValidator.validateToken(validatorParameters);
    assertNotNull(validatorResponse);
    assertNotNull(validatorResponse.getToken());
    assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
}
Also used : UsernameTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken) JAXBElement(javax.xml.bind.JAXBElement) AttributedString(org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString) PasswordString(org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString) EncodedString(org.apache.cxf.ws.security.sts.provider.model.secext.EncodedString) Document(org.w3c.dom.Document) PasswordString(org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString) AttributedString(org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) EncodedString(org.apache.cxf.ws.security.sts.provider.model.secext.EncodedString) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Principal(java.security.Principal)

Aggregations

Principal (java.security.Principal)1 JAXBElement (javax.xml.bind.JAXBElement)1 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)1 TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)1 AttributedString (org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString)1 EncodedString (org.apache.cxf.ws.security.sts.provider.model.secext.EncodedString)1 PasswordString (org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString)1 UsernameTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType)1 CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)1 UsernameToken (org.apache.wss4j.dom.message.token.UsernameToken)1 Document (org.w3c.dom.Document)1 Element (org.w3c.dom.Element)1