Search in sources :

Example 6 with PasswordString

use of org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString in project cxf by apache.

the class IssueOnbehalfofUnitTest method createUsernameToken.

private JAXBElement<UsernameTokenType> createUsernameToken(String name, String password) {
    UsernameTokenType usernameToken = new UsernameTokenType();
    AttributedString username = new AttributedString();
    username.setValue(name);
    usernameToken.setUsername(username);
    // Add a password
    if (password != null) {
        PasswordString passwordString = new PasswordString();
        passwordString.setValue(password);
        passwordString.setType(WSS4JConstants.PASSWORD_TEXT);
        JAXBElement<PasswordString> passwordType = new JAXBElement<PasswordString>(QNameConstants.PASSWORD, PasswordString.class, passwordString);
        usernameToken.getAny().add(passwordType);
    }
    return new JAXBElement<UsernameTokenType>(QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken);
}
Also used : PasswordString(org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString) AttributedString(org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString) UsernameTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType) JAXBElement(javax.xml.bind.JAXBElement)

Example 7 with PasswordString

use of org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString in project cxf by apache.

the class ValidateTokenTransformationUnitTest method createUsernameToken.

private JAXBElement<UsernameTokenType> createUsernameToken(String name, String password) {
    UsernameTokenType usernameToken = new UsernameTokenType();
    AttributedString username = new AttributedString();
    username.setValue(name);
    usernameToken.setUsername(username);
    // Add a password
    PasswordString passwordString = new PasswordString();
    passwordString.setValue(password);
    passwordString.setType(WSS4JConstants.PASSWORD_TEXT);
    JAXBElement<PasswordString> passwordType = new JAXBElement<PasswordString>(QNameConstants.PASSWORD, PasswordString.class, passwordString);
    usernameToken.getAny().add(passwordType);
    return new JAXBElement<UsernameTokenType>(QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken);
}
Also used : PasswordString(org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString) AttributedString(org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString) UsernameTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType) JAXBElement(javax.xml.bind.JAXBElement)

Example 8 with PasswordString

use of org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString in project cxf by apache.

the class UsernameTokenValidatorTest method testValidUsernameTokenText.

/**
 * Test a valid UsernameToken with password text
 */
@org.junit.Test
public void testValidUsernameTokenText() throws Exception {
    TokenValidator usernameTokenValidator = new UsernameTokenValidator();
    TokenValidatorParameters validatorParameters = createValidatorParameters();
    TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
    // Create a ValidateTarget consisting of a UsernameToken
    UsernameTokenType usernameToken = new UsernameTokenType();
    AttributedString username = new AttributedString();
    username.setValue("alice");
    usernameToken.setUsername(username);
    JAXBElement<UsernameTokenType> tokenType = new JAXBElement<UsernameTokenType>(QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken);
    ReceivedToken validateTarget = new ReceivedToken(tokenType);
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);
    assertTrue(usernameTokenValidator.canHandleToken(validateTarget));
    // This will fail as there is no password
    TokenValidatorResponse validatorResponse = usernameTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
    // Add a password
    PasswordString password = new PasswordString();
    password.setValue("clarinet");
    password.setType(WSS4JConstants.PASSWORD_TEXT);
    JAXBElement<PasswordString> passwordType = new JAXBElement<PasswordString>(QNameConstants.PASSWORD, PasswordString.class, password);
    usernameToken.getAny().add(passwordType);
    validatorResponse = usernameTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
    Principal principal = validatorResponse.getPrincipal();
    assertTrue(principal != null && principal.getName() != null);
}
Also used : UsernameTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType) JAXBElement(javax.xml.bind.JAXBElement) PasswordString(org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString) AttributedString(org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Principal(java.security.Principal)

Example 9 with PasswordString

use of org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString in project cxf by apache.

the class UsernameTokenValidatorTest method testValidUsernameTokenDigest.

/**
 * Test a valid UsernameToken with password digest
 */
@org.junit.Test
public void testValidUsernameTokenDigest() throws Exception {
    TokenValidator usernameTokenValidator = new UsernameTokenValidator();
    TokenValidatorParameters validatorParameters = createValidatorParameters();
    TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
    // Create a ValidateTarget consisting of a UsernameToken
    UsernameTokenType usernameToken = new UsernameTokenType();
    AttributedString username = new AttributedString();
    username.setValue("alice");
    usernameToken.setUsername(username);
    JAXBElement<UsernameTokenType> tokenType = new JAXBElement<UsernameTokenType>(QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken);
    // Create a WSS4J UsernameToken
    Document doc = DOMUtils.createDocument();
    UsernameToken ut = new UsernameToken(true, doc, WSS4JConstants.PASSWORD_DIGEST);
    ut.setName("alice");
    ut.setPassword("clarinet");
    ut.addNonce(doc);
    ut.addCreated(true, doc);
    // Add a password
    PasswordString password = new PasswordString();
    password.setValue(ut.getPassword());
    password.setType(WSS4JConstants.PASSWORD_DIGEST);
    JAXBElement<PasswordString> passwordType = new JAXBElement<PasswordString>(QNameConstants.PASSWORD, PasswordString.class, password);
    usernameToken.getAny().add(passwordType);
    // Add a nonce
    EncodedString nonce = new EncodedString();
    nonce.setValue(ut.getNonce());
    nonce.setEncodingType(WSS4JConstants.SOAPMESSAGE_NS + "#Base64Binary");
    JAXBElement<EncodedString> nonceType = new JAXBElement<EncodedString>(QNameConstants.NONCE, EncodedString.class, nonce);
    usernameToken.getAny().add(nonceType);
    // Add Created value
    String created = ut.getCreated();
    Element createdElement = doc.createElementNS(WSS4JConstants.WSU_NS, "Created");
    createdElement.setAttributeNS(WSS4JConstants.XMLNS_NS, "xmlns", WSS4JConstants.WSU_NS);
    createdElement.setTextContent(created);
    usernameToken.getAny().add(createdElement);
    ReceivedToken validateTarget = new ReceivedToken(tokenType);
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);
    assertTrue(usernameTokenValidator.canHandleToken(validateTarget));
    TokenValidatorResponse validatorResponse = usernameTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
    Principal principal = validatorResponse.getPrincipal();
    assertTrue(principal != null && principal.getName() != null);
    // Expected failure on a bad password
    password.setValue("badpassword");
    validatorResponse = usernameTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
}
Also used : UsernameTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken) JAXBElement(javax.xml.bind.JAXBElement) AttributedString(org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString) PasswordString(org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString) EncodedString(org.apache.cxf.ws.security.sts.provider.model.secext.EncodedString) Document(org.w3c.dom.Document) PasswordString(org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString) AttributedString(org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) EncodedString(org.apache.cxf.ws.security.sts.provider.model.secext.EncodedString) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Principal(java.security.Principal)

Aggregations

JAXBElement (javax.xml.bind.JAXBElement)9 AttributedString (org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString)9 PasswordString (org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString)9 UsernameTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType)9 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)3 TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)3 Principal (java.security.Principal)2 CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)2 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 ArrayList (java.util.ArrayList)1 EncodedString (org.apache.cxf.ws.security.sts.provider.model.secext.EncodedString)1 UsernameToken (org.apache.wss4j.dom.message.token.UsernameToken)1 ParserConfigurator (org.codice.ddf.parser.ParserConfigurator)1 ParserException (org.codice.ddf.parser.ParserException)1 BaseAuthenticationToken (org.codice.ddf.security.handler.api.BaseAuthenticationToken)1 Document (org.w3c.dom.Document)1 Element (org.w3c.dom.Element)1