Examples with WSUsernameTokenPrincipal - org.apache.ws.security.WSUsernameTokenPrincipal

Example 1 with WSUsernameTokenPrincipal

use of org.apache.ws.security.WSUsernameTokenPrincipal in project nhin-d by DirectProject.

the class WSAuthenticationInInterceptor method handleMessage.

@SuppressWarnings("unchecked")
@Override
public /**
     * Extract the username/password from the incoming message, 
     * validate it, and store the user context where CXF can get at it.
     */
void handleMessage(SoapMessage message) throws Fault {
    try {
        // Let the WSS4J parent do it's thing first
        super.handleMessage(message);
        Vector<WSHandlerResult> results = (Vector<WSHandlerResult>) message.getContextualProperty(WSHandlerConstants.RECV_RESULTS);
        if (results != null && !results.isEmpty()) {
            for (WSHandlerResult result : results) {
                // loop through security engine results
                for (WSSecurityEngineResult securityResult : (Vector<WSSecurityEngineResult>) result.getResults()) {
                    int action = (Integer) securityResult.get(WSSecurityEngineResult.TAG_ACTION);
                    // Was this a usernametoken
                    if (action == WSConstants.UT) {
                        WSUsernameTokenPrincipal principal = (WSUsernameTokenPrincipal) securityResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                        if (principal.getPassword() == null) {
                            principal.setPassword("");
                        }
                        Authentication auth = new UsernamePasswordAuthenticationToken(principal.getName(), principal.getPassword());
                        auth = getAuthenticationManager().authenticate(auth);
                        if (auth.isAuthenticated()) {
                            _log.info("Authentication succeeds for request: User: " + principal.getName());
                        } else {
                            _log.warn("Authentication failed for request:  User: " + principal.getName());
                        }
                        SecurityContextHolder.getContext().setAuthentication(auth);
                    }
                }
            }
        }
    } catch (RuntimeException ex) {
        _log.error("Runtime Exception caught:", ex);
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(null, null));
    }
}

Also used : Authentication(org.springframework.security.core.Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) WSUsernameTokenPrincipal(org.apache.ws.security.WSUsernameTokenPrincipal) Vector(java.util.Vector) WSHandlerResult(org.apache.ws.security.handler.WSHandlerResult) WSSecurityEngineResult(org.apache.ws.security.WSSecurityEngineResult)

Aggregations

Vector (java.util.Vector)1 WSSecurityEngineResult (org.apache.ws.security.WSSecurityEngineResult)1 WSUsernameTokenPrincipal (org.apache.ws.security.WSUsernameTokenPrincipal)1 WSHandlerResult (org.apache.ws.security.handler.WSHandlerResult)1 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)1 Authentication (org.springframework.security.core.Authentication)1