Search in sources :

Example 1 with WSSecUsernameToken

use of org.apache.ws.security.message.WSSecUsernameToken in project iaf by ibissource.

the class SoapWrapper method signMessage.

public String signMessage(String soapMessage, String user, String password) throws SenderException {
    try {
        WSSecurityEngine secEngine = WSSecurityEngine.getInstance();
        WSSConfig config = secEngine.getWssConfig();
        config.setPrecisionInMilliSeconds(false);
        // create context
        AxisClient tmpEngine = new AxisClient(new NullProvider());
        MessageContext msgContext = new MessageContext(tmpEngine);
        InputStream in = new ByteArrayInputStream(soapMessage.getBytes());
        Message msg = new Message(in);
        msg.setMessageContext(msgContext);
        // create unsigned envelope
        SOAPEnvelope unsignedEnvelope = msg.getSOAPEnvelope();
        Document doc = unsignedEnvelope.getAsDocument();
        // create security header and insert it into unsigned envelope
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        // add a UsernameToken
        WSSecUsernameToken tokenBuilder = new WSSecUsernameToken();
        tokenBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
        tokenBuilder.setUserInfo(user, password);
        tokenBuilder.addNonce();
        tokenBuilder.addCreated();
        tokenBuilder.prepare(doc);
        WSSecSignature sign = new WSSecSignature();
        sign.setUsernameToken(tokenBuilder);
        sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
        sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
        sign.build(doc, null, secHeader);
        tokenBuilder.prependToHeader(secHeader);
        // add a Timestamp
        WSSecTimestamp timestampBuilder = new WSSecTimestamp();
        timestampBuilder.setTimeToLive(300);
        timestampBuilder.prepare(doc);
        timestampBuilder.prependToHeader(secHeader);
        Document signedDoc = doc;
        return DOM2Writer.nodeToString(signedDoc);
    } catch (Exception e) {
        throw new SenderException(e);
    }
}
Also used : Message(org.apache.axis.Message) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) NullProvider(org.apache.axis.configuration.NullProvider) WSSecSignature(org.apache.ws.security.message.WSSecSignature) SOAPEnvelope(org.apache.axis.message.SOAPEnvelope) Document(org.w3c.dom.Document) WSSecTimestamp(org.apache.ws.security.message.WSSecTimestamp) TransformerException(javax.xml.transform.TransformerException) TransformerConfigurationException(javax.xml.transform.TransformerConfigurationException) DomBuilderException(nl.nn.adapterframework.util.DomBuilderException) IOException(java.io.IOException) ConfigurationException(nl.nn.adapterframework.configuration.ConfigurationException) SenderException(nl.nn.adapterframework.core.SenderException) WSSecHeader(org.apache.ws.security.message.WSSecHeader) WSSConfig(org.apache.ws.security.WSSConfig) AxisClient(org.apache.axis.client.AxisClient) ByteArrayInputStream(java.io.ByteArrayInputStream) WSSecurityEngine(org.apache.ws.security.WSSecurityEngine) MessageContext(org.apache.axis.MessageContext) SenderException(nl.nn.adapterframework.core.SenderException) WSSecUsernameToken(org.apache.ws.security.message.WSSecUsernameToken)

Example 2 with WSSecUsernameToken

use of org.apache.ws.security.message.WSSecUsernameToken in project OpenAM by OpenRock.

the class TokenSpecification method usernameTokenOnBehalfOfElement.

/**
     * @param username the UsernameToken username
     * @param password the UsernameToken password
     * @return A UsernameToken element to be used as the OnBehalfOf Element in a RequestSecurityToken defining the ISSUE
     * operation invocation.
     */
public static Element usernameTokenOnBehalfOfElement(String username, String password) {
    WSSecUsernameToken unt = new WSSecUsernameToken();
    unt.setUserInfo(username, password);
    unt.setPasswordType(WSConstants.PASSWORD_TEXT);
    unt.addCreated();
    Date expirationDate = new Date();
    expirationDate.setTime(System.currentTimeMillis() + (1000 * 60));
    try {
        Document document = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        unt.prepare(document);
    } catch (ParserConfigurationException e) {
        throw new RuntimeException(e);
    }
    return unt.getUsernameTokenElement();
}
Also used : ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) Document(org.w3c.dom.Document) WSSecUsernameToken(org.apache.ws.security.message.WSSecUsernameToken) Date(java.util.Date)

Aggregations

WSSecUsernameToken (org.apache.ws.security.message.WSSecUsernameToken)2 Document (org.w3c.dom.Document)2 ByteArrayInputStream (java.io.ByteArrayInputStream)1 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 Date (java.util.Date)1 ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)1 TransformerConfigurationException (javax.xml.transform.TransformerConfigurationException)1 TransformerException (javax.xml.transform.TransformerException)1 ConfigurationException (nl.nn.adapterframework.configuration.ConfigurationException)1 SenderException (nl.nn.adapterframework.core.SenderException)1 DomBuilderException (nl.nn.adapterframework.util.DomBuilderException)1 Message (org.apache.axis.Message)1 MessageContext (org.apache.axis.MessageContext)1 AxisClient (org.apache.axis.client.AxisClient)1 NullProvider (org.apache.axis.configuration.NullProvider)1 SOAPEnvelope (org.apache.axis.message.SOAPEnvelope)1 WSSConfig (org.apache.ws.security.WSSConfig)1 WSSecurityEngine (org.apache.ws.security.WSSecurityEngine)1 WSSecHeader (org.apache.ws.security.message.WSSecHeader)1