Examples with WSPasswordCallback org.apache.wss4j.common.ext.WSPasswordCallback used on opensource projects

Search in sources :

Example 26 with WSPasswordCallback

use of org.apache.wss4j.common.ext.WSPasswordCallback in project cxf by apache.

the class RSSecurityUtils method getSignaturePassword.

public static String getSignaturePassword(Message message, String userName, Class<?> callingClass) throws WSSecurityException {
    CallbackHandler handler = getCallbackHandler(message, callingClass);
    if (handler == null) {
        // See if we have a signature password we can use here instead
        return (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PASSWORD, message);
    }
    WSPasswordCallback[] cb = { new WSPasswordCallback(userName, WSPasswordCallback.SIGNATURE) };
    try {
        handler.handle(cb);
    } catch (Exception e) {
        return null;
    }
    // get the password
    String password = cb[0].getPassword();
    return password == null ? "" : password;
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) WSPasswordCallback(org.apache.wss4j.common.ext.WSPasswordCallback) IOException(java.io.IOException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 27 with WSPasswordCallback

use of org.apache.wss4j.common.ext.WSPasswordCallback in project cxf by apache.

the class AbstractBindingBuilder method getPassword.

protected String getPassword(String userName, Assertion info, int usage) {
    // Then try to get the password from the given callback handler
    Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
    final CallbackHandler handler;
    try {
        handler = SecurityUtils.getCallbackHandler(o);
        if (handler == null) {
            // Don't unassert for signature as we might get the password from the crypto properties
            if (usage == WSPasswordCallback.SIGNATURE) {
                LOG.info("No CallbackHandler available to retrieve a password. We will now try the crypto " + "properties file for a private password");
            } else {
                unassertPolicy(info, "No callback handler and no password available");
            }
            return null;
        }
    } catch (Exception ex) {
        // Don't unassert for signature as we might get the password from the crypto properties
        if (usage == WSPasswordCallback.SIGNATURE) {
            LOG.info("No CallbackHandler available to retrieve a password. We will now try the crypto " + "properties file for a private password");
        } else {
            unassertPolicy(info, "No callback handler and no password available");
        }
        return null;
    }
    WSPasswordCallback[] cb = { new WSPasswordCallback(userName, usage) };
    try {
        handler.handle(cb);
    } catch (Exception e) {
        unassertPolicy(info, e);
    }
    // get the password
    return cb[0].getPassword();
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) AttachmentCallbackHandler(org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler) WSPasswordCallback(org.apache.wss4j.common.ext.WSPasswordCallback) SOAPException(javax.xml.soap.SOAPException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) XMLStreamException(javax.xml.stream.XMLStreamException) TokenStoreException(org.apache.cxf.ws.security.tokenstore.TokenStoreException) XPathExpressionException(javax.xml.xpath.XPathExpressionException)

Example 28 with WSPasswordCallback

use of org.apache.wss4j.common.ext.WSPasswordCallback in project cxf by apache.

the class AbstractTokenInterceptor method getPassword.

protected String getPassword(String userName, AbstractToken info, int usage, SoapMessage message) {
    // Then try to get the password from the given callback handler
    final CallbackHandler handler;
    try {
        Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
        handler = SecurityUtils.getCallbackHandler(o);
        if (handler == null) {
            policyNotAsserted(info, "No callback handler and no password available", message);
            return null;
        }
    } catch (Exception ex) {
        policyNotAsserted(info, "No callback handler and no password available", message);
        return null;
    }
    WSPasswordCallback[] cb = { new WSPasswordCallback(userName, usage) };
    try {
        handler.handle(cb);
    } catch (Exception e) {
        policyNotAsserted(info, e, message);
    }
    // get the password
    return cb[0].getPassword();
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) WSPasswordCallback(org.apache.wss4j.common.ext.WSPasswordCallback) PolicyException(org.apache.cxf.ws.policy.PolicyException)

Example 29 with WSPasswordCallback

use of org.apache.wss4j.common.ext.WSPasswordCallback in project cxf by apache.

the class KeystorePasswordCallback method handle.

/**
 * It attempts to get the password from the private
 * alias/passwords map.
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
        if (pc.getUsage() == WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD) {
            pc.setPassword("this-is-a-secret");
        } else {
            String pass = passwords.get(pc.getIdentifier());
            if (pass != null) {
                pc.setPassword(pass);
                return;
            }
            pc.setPassword("password");
        }
    }
}
Also used : WSPasswordCallback(org.apache.wss4j.common.ext.WSPasswordCallback)

Example 30 with WSPasswordCallback

use of org.apache.wss4j.common.ext.WSPasswordCallback in project cxf by apache.

the class TestPwdCallback method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
        String pass = passwords.get(pc.getIdentifier());
        if (pass != null) {
            pc.setPassword(pass);
        }
    }
}
Also used : WSPasswordCallback(org.apache.wss4j.common.ext.WSPasswordCallback)

Aggregations

WSPasswordCallback (org.apache.wss4j.common.ext.WSPasswordCallback)69 Callback (javax.security.auth.callback.Callback)22 CallbackHandler (javax.security.auth.callback.CallbackHandler)20 IOException (java.io.IOException)17 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)14 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)11 ArrayList (java.util.ArrayList)8 HashMap (java.util.HashMap)8 WSS4JOutInterceptor (org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor)8 QName (javax.xml.namespace.QName)7 Endpoint (org.apache.cxf.endpoint.Endpoint)7 Test (org.junit.Test)7 URL (java.net.URL)6 Service (javax.xml.ws.Service)6 SAAJOutInterceptor (org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor)6 Client (org.apache.cxf.endpoint.Client)6 Crypto (org.apache.wss4j.common.crypto.Crypto)6 PrivateKey (java.security.PrivateKey)3 X509Certificate (java.security.cert.X509Certificate)3 DestroyFailedException (javax.security.auth.DestroyFailedException)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial