Examples with WSS4JOutInterceptor org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor used on opensource projects

Example 21 with WSS4JOutInterceptor

use of org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor in project cxf by apache.

the class JavaFirstPolicyServiceTest method testUsernameTokenInterceptorNoPasswordValidation.

@org.junit.Test
public void testUsernameTokenInterceptorNoPasswordValidation() {
    System.setProperty("testutil.ports.JavaFirstPolicyServer", PORT);
    ClassPathXmlApplicationContext ctx = new ClassPathXmlApplicationContext("org/apache/cxf/systest/ws/policy/javafirstclient.xml");
    JavaFirstAttachmentPolicyService svc = ctx.getBean("JavaFirstAttachmentPolicyServiceClient", JavaFirstAttachmentPolicyService.class);
    WSS4JOutInterceptor wssOut = addToClient(svc);
    // just some basic sanity tests first to make sure that auth is working where password is provided.
    wssOut.setProperties(getPasswordProperties("alice", "password"));
    svc.doInputMessagePolicy();
    wssOut.setProperties(getPasswordProperties("alice", "passwordX"));
    try {
        svc.doInputMessagePolicy();
        fail("Expected authentication failure");
    } catch (Exception e) {
    // expected
    }
    wssOut.setProperties(getNoPasswordProperties("alice"));
    try {
        svc.doInputMessagePolicy();
        fail("Expected authentication failure");
    } catch (Exception e) {
    // expected
    }
    ctx.close();
}

Example 22 with WSS4JOutInterceptor

use of org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor in project cxf by apache.

the class JavaFirstPolicyServiceTest method testBindingNoClientCertAlternativePolicy.

@Test
public void testBindingNoClientCertAlternativePolicy() {
    System.setProperty("testutil.ports.JavaFirstPolicyServer", PORT);
    ClassPathXmlApplicationContext clientContext = new ClassPathXmlApplicationContext(new String[] { "org/apache/cxf/systest/ws/policy/sslnocertclient.xml" });
    BindingSimpleService simpleService = clientContext.getBean("BindingSimpleServiceClient", BindingSimpleService.class);
    try {
        simpleService.doStuff();
        fail("Expected exception as no credentials");
    } catch (SOAPFaultException e) {
    // expected
    }
    WSS4JOutInterceptor wssOut = addToClient(simpleService);
    wssOut.setProperties(getNoPasswordProperties("alice"));
    try {
        simpleService.doStuff();
        fail("Expected exception as no password and no client cert");
    } catch (SOAPFaultException e) {
    // expected
    }
    wssOut.setProperties(getPasswordProperties("alice", "password"));
    simpleService.doStuff();
    clientContext.close();
}

Example 23 with WSS4JOutInterceptor

use of org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor in project cxf by apache.

the class HTTPGetTest method testSignedBodyTimestamp.

@org.junit.Test
public void testSignedBodyTimestamp() throws Exception {
    if (!TestUtilities.checkUnrestrictedPoliciesInstalled()) {
        return;
    }
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = HTTPGetTest.class.getResource("client.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    URL wsdl = HTTPGetTest.class.getResource("DoubleItHTTPGet.wsdl");
    Service service = Service.create(wsdl, SERVICE_QNAME);
    QName portQName = new QName(NAMESPACE, "DoubleItSignBodyPort");
    DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
    updateAddressPort(port, PORT);
    Map<String, Object> outProps = new HashMap<>();
    outProps.put("action", "Timestamp Signature");
    outProps.put("signaturePropFile", "alice.properties");
    outProps.put("user", "alice");
    outProps.put("passwordCallbackClass", "org.apache.cxf.systest.ws.common.KeystorePasswordCallback");
    outProps.put("signatureParts", "{}{http://schemas.xmlsoap.org/soap/envelope/}Body;" + "{}{http://docs.oasis-open.org/wss/2004/01/oasis-" + "200401-wss-wssecurity-utility-1.0.xsd}Timestamp;");
    bus.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
    int result = port.doubleIt(25);
    assertEquals(result, 50);
    bus.shutdown(true);
}

Example 24 with WSS4JOutInterceptor

use of org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor in project fuse-karaf by jboss-fuse.

the class CustomSecurityInterceptor method handleMessage.

/**
 * This is the actual implementation for our interceptor - we define the necessary properties for doing the authentication
 * and then iterate over the rest of the interceptor chain to find the WSS4J interceptor and configure it properly.
 */
public void handleMessage(Message message) throws Fault {
    /*
         * Define the configuration properties
         */
    Map<String, Object> outProps = new HashMap<String, Object>();
    outProps.put("action", "UsernameToken");
    outProps.put("passwordType", "PasswordText");
    /*
         * The username ('admin') is provided as a literal, the corresponding password will be determined by the client
         * password callback object.
         */
    outProps.put("user", "admin");
    outProps.put("passwordCallbackClass", ClientPasswordCallback.class.getName());
    /*
         * Find the WSS4J interceptor in the interceptor chain and set the configuration properties
         */
    for (Interceptor interceptor : message.getInterceptorChain()) {
        // set properties for WSS4JOutInterceptor
        if (interceptor.getClass().getName().equals("org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor")) {
            ((WSS4JOutInterceptor) interceptor).setProperties(outProps);
        }
    }
}

Example 25 with WSS4JOutInterceptor

use of org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor in project fuse-karaf by jboss-fuse.

the class SecureSoapTest method sendRequest.

@Test
public void sendRequest() throws Exception {
    /*
         * Set up the JaxWsFactoryBean to access our client:
         * - the Java interface defining the service
         * - the HTTP address for the service
         */
    JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
    factory.setServiceClass(HelloWorld.class);
    factory.setAddress("http://localhost:8181/cxf/HelloWorldSecurity");
    /*
         * Obtain a proxy, implementing the service interface, to access the remote interface.
         * It will allow you to easily perform the HTTP SOAP request from Java code.
         */
    HelloWorld client = (HelloWorld) factory.create();
    /*
         * Add the extra configuration and interceptors required for the authentication
         */
    Map<String, Object> outProps = new HashMap<String, Object>();
    outProps.put("action", "UsernameToken");
    ClientProxy.getClient(client).getOutInterceptors().add(new CustomSecurityInterceptor());
    ClientProxy.getClient(client).getOutInterceptors().add(new WSS4JOutInterceptor());
    /*
         * Calling sayHi() on on the client object will actually perform an HTTP SOAP request instead behind the scenes
         * and returns the resulting response.
         */
    String ret = client.sayHi("World");
    LOG.info("result: " + ret);
    assertEquals("Hello World", ret);
}