
Example 16 with WSPasswordCallback

use of org.apache.wss4j.common.ext.WSPasswordCallback in project tomee by apache.

the class CalculatorTest method testCalculatorViaWsInterface.

// END SNIPPET: setup
// START SNIPPET: webservice
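/**
 * Calls the WS-Security protected {@code CalculatorWs} endpoint through its JAX-WS proxy,
 * attaching a UsernameToken ("jane" / "waterfall") to the client's outbound chain, and
 * checks that {@code sum(4, 6)} returns 10.
 *
 * @throws Exception if the WSDL cannot be fetched, the proxy cannot be built or the call fails
 */
public void testCalculatorViaWsInterface() throws Exception {
    final URL wsdl = new URL("http://localhost:" + port + "/webservice-ws-security/CalculatorImpl?wsdl");
    final QName serviceName = new QName("http://superbiz.org/wsdl", "CalculatorWsService");
    final Service calcService = Service.create(wsdl, serviceName);
    assertNotNull(calcService);
    final CalculatorWs calc = calcService.getPort(CalculatorWs.class);

    // WSS4J works on a SAAJ model of the outgoing message, so the SAAJ interceptor
    // must be on the out chain before the WSS4J one.
    final Client client = ClientProxy.getClient(calc);
    final Endpoint endpoint = client.getEndpoint();
    endpoint.getOutInterceptors().add(new SAAJOutInterceptor());

    // PW_TEXT puts the password in clear inside the SOAP security header; that is
    // acceptable for this localhost sample but needs TLS (or PW_DIGEST) anywhere else.
    final Map<String, Object> outProps = new HashMap<>();
    outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    outProps.put(WSHandlerConstants.USER, "jane");
    outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    outProps.put(WSHandlerConstants.PW_CALLBACK_REF, new CallbackHandler() {

        @Override
        public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (final Callback callback : callbacks) {
                // Honour the CallbackHandler contract: reject callback types we cannot
                // serve instead of failing with a ClassCastException on a blind cast.
                if (!(callback instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is supported");
                }
                ((WSPasswordCallback) callback).setPassword("waterfall");
            }
        }
    });
    endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));

    assertEquals(10, calc.sum(4, 6));
}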
Also used : SAAJOutInterceptor(org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor) CallbackHandler(javax.security.auth.callback.CallbackHandler) HashMap(java.util.HashMap) QName(javax.xml.namespace.QName) Service(javax.xml.ws.Service) IOException(java.io.IOException) URL(java.net.URL) WSPasswordCallback(org.apache.wss4j.common.ext.WSPasswordCallback) Callback(javax.security.auth.callback.Callback) Endpoint(org.apache.cxf.endpoint.Endpoint) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) WSS4JOutInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor) Client(org.apache.cxf.endpoint.Client) WSPasswordCallback(org.apache.wss4j.common.ext.WSPasswordCallback)

Example 17 with WSPasswordCallback

use of org.apache.wss4j.common.ext.WSPasswordCallback in project cxf by apache.

the class UTPasswordCallback method handle.

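/**
 * Supplies the password for the identifier carried by each {@link WSPasswordCallback},
 * looked up in the private alias/password map.
 * <p>
 * Only the first callback whose identifier is present in the map receives a password;
 * if no identifier matches, every callback is returned without a password set.
 *
 * @param callbacks callbacks issued by WSS4J; each must be a {@link WSPasswordCallback}
 * @throws IOException never thrown here; kept for the {@code CallbackHandler} contract
 * @throws UnsupportedCallbackException if a callback is not a {@link WSPasswordCallback}
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) {
            // Honour the CallbackHandler contract rather than failing with a ClassCastException.
            throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
        }
        WSPasswordCallback pc = (WSPasswordCallback) callback;
        String pass = passwords.get(pc.getIdentifier());
        if (pass != null) {
            pc.setPassword(pass);
            return;
        }
    }
}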
Also used : WSPasswordCallback(org.apache.wss4j.common.ext.WSPasswordCallback)

Example 18 with WSPasswordCallback

use of org.apache.wss4j.common.ext.WSPasswordCallback in project cxf by apache.

the class UTPasswordCallback method handle.

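/**
 * Supplies the password for the identifier carried by each {@link WSPasswordCallback},
 * looked up in the private alias/password map.
 * <p>
 * Only the first callback whose identifier is present in the map receives a password;
 * if no identifier matches, every callback is returned without a password set.
 *
 * @param callbacks callbacks issued by WSS4J; each must be a {@link WSPasswordCallback}
 * @throws IOException never thrown here; kept for the {@code CallbackHandler} contract
 * @throws UnsupportedCallbackException if a callback is not a {@link WSPasswordCallback}
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) {
            // Honour the CallbackHandler contract rather than failing with a ClassCastException.
            throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
        }
        WSPasswordCallback pc = (WSPasswordCallback) callback;
        String pass = passwords.get(pc.getIdentifier());
        if (pass != null) {
            pc.setPassword(pass);
            return;
        }
    }
}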
Also used : WSPasswordCallback(org.apache.wss4j.common.ext.WSPasswordCallback)

Example 19 with WSPasswordCallback

use of org.apache.wss4j.common.ext.WSPasswordCallback in project cxf by apache.

the class STSStaxTokenValidator method validate.

/**
 * Validates an inbound {@code wsse:UsernameToken} on the StAX (streaming) WS-Security path.
 * Structural rules (salt/iteration/password combination, required password type, presence of
 * a username) are checked first; the password is then verified either locally through the
 * {@code verifyDigestPassword}/{@code verifyPlaintextPassword} helpers or by submitting the
 * token to the STS via {@code validateTokenToSTS}, and the result is wrapped in a
 * {@link UsernameSecurityTokenImpl}.
 * <p>
 * Note that a local verification failure is not surfaced: the catch block below discards the
 * original {@link WSSecurityException} and re-submits the token to the STS, so only a
 * structural error or an STS failure reaches the caller.
 *
 * @param usernameTokenType the parsed UsernameToken element
 * @param tokenContext      security properties and per-message security context
 * @return the security token describing the (now authenticated) user
 * @throws WSSecurityException if the token is malformed, of the wrong password type, or
 *                             rejected by both local verification and the STS
 */
@SuppressWarnings("unchecked")
@Override
public <T extends UsernameSecurityToken & InboundSecurityToken> T validate(UsernameTokenType usernameTokenType, TokenContext tokenContext) throws WSSecurityException {
    // If the UsernameToken is to be used for key derivation, the (1.1)
    // spec says that it cannot contain a password, and it must contain
    // an Iteration element
    final byte[] salt = XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_WSSE11_SALT);
    PasswordString passwordType = XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_WSSE_PASSWORD);
    final Long iteration = XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_WSSE11_ITERATION);
    if (salt != null && (passwordType != null || iteration == null)) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badTokenType01");
    }
    boolean handleCustomPasswordTypes = tokenContext.getWssSecurityProperties().getHandleCustomPasswordTypes();
    // "No password" tokens can be enabled either statically on the security properties or
    // per message through a string property on the security context.
    boolean allowUsernameTokenNoPassword = tokenContext.getWssSecurityProperties().isAllowUsernameTokenNoPassword() || Boolean.parseBoolean((String) tokenContext.getWsSecurityContext().get(WSSConstants.PROP_ALLOW_USERNAMETOKEN_NOPASSWORD));
    // Check received password type against required type
    WSSConstants.UsernameTokenPasswordType requiredPasswordType = tokenContext.getWssSecurityProperties().getUsernameTokenPasswordType();
    if (requiredPasswordType != null) {
        // A configured required type rejects both a missing password and a mismatching type
        // before any password verification takes place.
        if (passwordType == null || passwordType.getType() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        WSSConstants.UsernameTokenPasswordType usernameTokenPasswordType = WSSConstants.UsernameTokenPasswordType.getUsernameTokenPasswordType(passwordType.getType());
        if (requiredPasswordType != usernameTokenPasswordType) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
    }
    // Effective password type: PASSWORD_NONE unless the token carries a typed password.
    WSSConstants.UsernameTokenPasswordType usernameTokenPasswordType = WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE;
    if (passwordType != null && passwordType.getType() != null) {
        usernameTokenPasswordType = WSSConstants.UsernameTokenPasswordType.getUsernameTokenPasswordType(passwordType.getType());
    }
    final AttributedString username = usernameTokenType.getUsername();
    if (username == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badTokenType01");
    }
    // Nonce and Created are optional here; they are only mandatory for PASSWORD_DIGEST (checked below).
    final EncodedString encodedNonce = XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_WSSE_NONCE);
    byte[] nonceVal = null;
    if (encodedNonce != null && encodedNonce.getValue() != null) {
        nonceVal = Base64.decodeBase64(encodedNonce.getValue());
    }
    final AttributedDateTime attributedDateTimeCreated = XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_WSU_CREATED);
    String created = null;
    if (attributedDateTimeCreated != null) {
        created = attributedDateTimeCreated.getValue();
    }
    // Validate to STS if required
    boolean valid = false;
    // NOTE(review): unchecked cast of the message context — presumably always a SoapMessage on this path; confirm.
    final SoapMessage message = (SoapMessage) tokenContext.getWssSecurityProperties().getMsgContext();
    if (alwaysValidateToSts) {
        // NOTE(review): passwordType may be null here (a salt+iteration token passes the check
        // above without a password), in which case this dereference throws a NullPointerException
        // rather than a WSSecurityException — confirm whether convertToDOM tolerates a null value/type.
        Element tokenElement = convertToDOM(username.getValue(), passwordType.getValue(), passwordType.getType(), usernameTokenType.getId());
        validateTokenToSTS(tokenElement, message);
        valid = true;
    }
    if (!valid) {
        try {
            if (usernameTokenPasswordType == WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST) {
                // Digest verification needs the nonce and creation time that went into the digest,
                // and only the SOAP Message Security 1.0 Base64 nonce encoding is understood.
                if (encodedNonce == null || attributedDateTimeCreated == null) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badTokenType01");
                }
                if (!WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING.equals(encodedNonce.getEncodingType())) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN, "badTokenType01");
                }
                verifyDigestPassword(username.getValue(), passwordType, nonceVal, created, tokenContext);
            } else if (usernameTokenPasswordType == WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT || passwordType != null && passwordType.getValue() != null && usernameTokenPasswordType == WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE) {
                // Explicit PasswordText, or an untyped password value, is verified as plaintext.
                verifyPlaintextPassword(username.getValue(), passwordType, tokenContext);
            } else if (passwordType != null && passwordType.getValue() != null) {
                // Any other password Type attribute is a custom type: only verified (as plaintext)
                // when the deployment has opted in.
                if (!handleCustomPasswordTypes) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
                }
                verifyPlaintextPassword(username.getValue(), passwordType, tokenContext);
            } else {
                // No password at all: only accepted when explicitly allowed.
                if (!allowUsernameTokenNoPassword) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
                }
            }
        } catch (WSSecurityException ex) {
            // Any local failure falls back to the STS; `ex` is discarded, so the local reason is
            // lost if the STS rejects the token as well.
            // NOTE(review): same null dereference as in the alwaysValidateToSts branch — the
            // "no password, not allowed" case above reaches this line with passwordType == null.
            Element tokenElement = convertToDOM(username.getValue(), passwordType.getValue(), passwordType.getType(), usernameTokenType.getId());
            validateTokenToSTS(tokenElement, message);
        }
    }
    // Password to record on the resulting token: the transmitted value when present; for a
    // salted (password-less) token it is fetched from the configured CallbackHandler instead,
    // presumably so the token can later derive a key from it.
    final String password;
    if (passwordType != null) {
        password = passwordType.getValue();
    } else if (salt != null) {
        WSPasswordCallback pwCb = new WSPasswordCallback(username.getValue(), WSPasswordCallback.USERNAME_TOKEN);
        try {
            WSSUtils.doPasswordCallback(tokenContext.getWssSecurityProperties().getCallbackHandler(), pwCb);
        } catch (WSSecurityException e) {
            // Callback problems are reported as an authentication failure, with the cause kept.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
        }
        password = pwCb.getPassword();
    } else {
        password = null;
    }
    UsernameSecurityTokenImpl usernameSecurityToken = new UsernameSecurityTokenImpl(usernameTokenPasswordType, username.getValue(), password, created, nonceVal, salt, iteration, tokenContext.getWsSecurityContext(), usernameTokenType.getId(), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
    usernameSecurityToken.setElementPath(tokenContext.getElementPath());
    usernameSecurityToken.setXMLSecEvent(tokenContext.getFirstXMLSecEvent());
    // Unchecked cast to the caller's intersection type; covered by the method-level suppression.
    return (T) usernameSecurityToken;
}
Also used : WSSConstants(org.apache.wss4j.stax.ext.WSSConstants) UsernameSecurityTokenImpl(org.apache.wss4j.stax.impl.securityToken.UsernameSecurityTokenImpl) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) AttributedString(org.apache.wss4j.binding.wss10.AttributedString) EncodedString(org.apache.wss4j.binding.wss10.EncodedString) PasswordString(org.apache.wss4j.binding.wss10.PasswordString) AttributedDateTime(org.apache.wss4j.binding.wsu10.AttributedDateTime) SoapMessage(org.apache.cxf.binding.soap.SoapMessage) PasswordString(org.apache.wss4j.binding.wss10.PasswordString) AttributedString(org.apache.wss4j.binding.wss10.AttributedString) EncodedString(org.apache.wss4j.binding.wss10.EncodedString) WSPasswordCallback(org.apache.wss4j.common.ext.WSPasswordCallback)

Example 20 with WSPasswordCallback

use of org.apache.wss4j.common.ext.WSPasswordCallback in project cxf by apache.

the class ServerPasswordCallback method handle.

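/**
 * Test-only handler that answers every {@link WSPasswordCallback} with the fixed password
 * {@code "pass"}, regardless of the identifier WSS4J asks about.
 *
 * @param callbacks callbacks issued by WSS4J; each must be a {@link WSPasswordCallback}
 * @throws IOException never thrown here; kept for the {@code CallbackHandler} contract
 * @throws UnsupportedCallbackException if a callback is not a {@link WSPasswordCallback}
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) {
            // Honour the CallbackHandler contract rather than failing with a ClassCastException.
            throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
        }
        ((WSPasswordCallback) callback).setPassword("pass");
    }
}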
Also used : WSPasswordCallback(org.apache.wss4j.common.ext.WSPasswordCallback)

Aggregations

WSPasswordCallback (org.apache.wss4j.common.ext.WSPasswordCallback)69 Callback (javax.security.auth.callback.Callback)22 CallbackHandler (javax.security.auth.callback.CallbackHandler)20 IOException (java.io.IOException)17 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)14 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)11 ArrayList (java.util.ArrayList)8 HashMap (java.util.HashMap)8 WSS4JOutInterceptor (org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor)8 QName (javax.xml.namespace.QName)7 Endpoint (org.apache.cxf.endpoint.Endpoint)7 Test (org.junit.Test)7 URL (java.net.URL)6 Service (javax.xml.ws.Service)6 SAAJOutInterceptor (org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor)6 Client (org.apache.cxf.endpoint.Client)6 Crypto (org.apache.wss4j.common.crypto.Crypto)6 PrivateKey (java.security.PrivateKey)3 X509Certificate (java.security.cert.X509Certificate)3 DestroyFailedException (javax.security.auth.DestroyFailedException)3