Example 1 with UsernameTokenPrincipal
use of org.apache.wss4j.common.principal.UsernameTokenPrincipal in project ddf by codice.
the class AuthNStatementProvider method getStatement.
/*
* (non-Javadoc)
*
* @see
* org.apache.cxf.sts.token.provider.AuthenticationStatementProvider#getStatement(org.apache
* .cxf.sts.token.provider.TokenProviderParameters)
*/
@Override
public AuthenticationStatementBean getStatement(TokenProviderParameters providerParameters) {
AuthenticationStatementBean authBean = new AuthenticationStatementBean();
authBean.setSessionIndex(Integer.toString(secureRandom.nextInt()));
TokenRequirements tokenRequirements = providerParameters.getTokenRequirements();
ReceivedToken receivedToken = null;
if (tokenRequirements.getValidateTarget() != null) {
receivedToken = tokenRequirements.getValidateTarget();
} else if (tokenRequirements.getOnBehalfOf() != null) {
receivedToken = tokenRequirements.getOnBehalfOf();
} else if (tokenRequirements.getActAs() != null) {
receivedToken = tokenRequirements.getActAs();
} else if (tokenRequirements.getRenewTarget() != null) {
receivedToken = tokenRequirements.getRenewTarget();
}
if (receivedToken != null) {
Principal principal = receivedToken.getPrincipal();
if (principal instanceof UsernameTokenPrincipal) {
authBean.setAuthenticationMethod(SAML2Constants.AUTH_CONTEXT_CLASS_REF_PASSWORD_PROTECTED_TRANSPORT);
} else if (principal instanceof X500Principal) {
authBean.setAuthenticationMethod(SAML2Constants.AUTH_CONTEXT_CLASS_REF_X509);
} else if (principal instanceof KerberosPrincipal) {
authBean.setAuthenticationMethod(SAML2Constants.AUTH_CONTEXT_CLASS_REF_KERBEROS);
} else {
authBean.setAuthenticationMethod(SAML2Constants.AUTH_CONTEXT_CLASS_REF_UNSPECIFIED);
}
} else {
authBean.setAuthenticationMethod(SAML2Constants.AUTH_CONTEXT_CLASS_REF_UNSPECIFIED);
}
return authBean;
}
Also used :
KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal)
TokenRequirements(org.apache.cxf.sts.request.TokenRequirements)
UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)
AuthenticationStatementBean(org.apache.wss4j.common.saml.bean.AuthenticationStatementBean)
X500Principal(javax.security.auth.x500.X500Principal)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
Principal(java.security.Principal)
X500Principal(javax.security.auth.x500.X500Principal)
UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)
KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal)
Example 2 with UsernameTokenPrincipal
use of org.apache.wss4j.common.principal.UsernameTokenPrincipal in project jbossws-cxf by jbossws.
the class AuthenticationMgrSubjectCreatingInterceptor method handleMessage.
@Override
public void handleMessage(Message message) throws Fault {
JBossAuthenticationManager authenticationManger = message.get(JBossAuthenticationManager.class);
if (authenticationManger == null) {
return;
}
SecurityContext context = message.get(SecurityContext.class);
if (context == null || context.getUserPrincipal() == null) {
Loggers.SECURITY_LOGGER.userPrincipalNotAvailableOnCurrentMessage();
return;
}
SecurityToken token = message.get(SecurityToken.class);
Subject subject = null;
if (token != null) {
// Try authenticating using SecurityToken info
if (token.getTokenType() != TokenType.UsernameToken) {
throw Messages.MESSAGES.unsupportedTokenType(token.getTokenType());
}
UsernameToken ut = (UsernameToken) token;
subject = helper.createSubject(authenticationManger, ut.getName(), ut.getPassword(), ut.isHashed(), ut.getNonce(), ut.getCreatedTime());
} else {
// Try authenticating using WSS4J internal info (previously set into SecurityContext by WSS4JInInterceptor)
Principal p = context.getUserPrincipal();
if (!(p instanceof UsernameTokenPrincipal)) {
throw Messages.MESSAGES.couldNotGetSubjectInfo();
}
UsernameTokenPrincipal up = (UsernameTokenPrincipal) p;
subject = helper.createSubject(authenticationManger, up.getName(), up.getPassword(), up.isPasswordDigest(), up.getNonce(), up.getCreatedTime());
}
Principal principal = getPrincipal(context.getUserPrincipal(), subject);
message.put(SecurityContext.class, createSecurityContext(principal, subject));
}
Also used :
SecurityToken(org.apache.cxf.common.security.SecurityToken)
UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)
SecurityContext(org.apache.cxf.security.SecurityContext)
UsernameToken(org.apache.cxf.common.security.UsernameToken)
JBossAuthenticationManager(org.jboss.security.plugins.JBossAuthenticationManager)
Subject(javax.security.auth.Subject)
Principal(java.security.Principal)
UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)
Example 3 with UsernameTokenPrincipal
use of org.apache.wss4j.common.principal.UsernameTokenPrincipal in project cxf by apache.
the class WSS4JInOutTest method testEncryptedUsernameToken.
@Test
public void testEncryptedUsernameToken() throws Exception {
Map<String, Object> outProperties = new HashMap<>();
outProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.USERNAME_TOKEN + " " + ConfigurationConstants.ENCRYPTION);
outProperties.put(ConfigurationConstants.ENC_PROP_FILE, "outsecurity.properties");
outProperties.put(ConfigurationConstants.USER, "alice");
outProperties.put("password", "alicePassword");
outProperties.put(ConfigurationConstants.ENCRYPTION_USER, "myalias");
outProperties.put(ConfigurationConstants.ENCRYPTION_PARTS, "{Content}{" + WSS4JConstants.WSSE_NS + "}UsernameToken");
Map<String, Object> inProperties = new HashMap<>();
inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.USERNAME_TOKEN + " " + ConfigurationConstants.ENCRYPTION);
inProperties.put(ConfigurationConstants.DEC_PROP_FILE, "insecurity.properties");
inProperties.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback());
List<String> xpaths = new ArrayList<>();
xpaths.add("//wsse:Security");
SoapMessage inmsg = makeInvocation(outProperties, xpaths, inProperties);
List<WSHandlerResult> handlerResults = getResults(inmsg);
assertNotNull(handlerResults);
assertSame(handlerResults.size(), 1);
//
// This should contain exactly 2 protection results
//
final java.util.List<WSSecurityEngineResult> protectionResults = handlerResults.get(0).getResults();
assertNotNull(protectionResults);
assertSame(protectionResults.size(), 2);
final Principal p1 = (Principal) protectionResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
final Principal p2 = (Principal) protectionResults.get(1).get(WSSecurityEngineResult.TAG_PRINCIPAL);
assertTrue(p1 instanceof UsernameTokenPrincipal || p2 instanceof UsernameTokenPrincipal);
Principal utPrincipal = p1 instanceof UsernameTokenPrincipal ? p1 : p2;
SecurityContext securityContext = inmsg.get(SecurityContext.class);
assertNotNull(securityContext);
assertSame(securityContext.getUserPrincipal(), utPrincipal);
}
Also used :
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
WSHandlerResult(org.apache.wss4j.dom.handler.WSHandlerResult)
WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult)
SoapMessage(org.apache.cxf.binding.soap.SoapMessage)
UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)
SecurityContext(org.apache.cxf.security.SecurityContext)
Principal(java.security.Principal)
UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)
Test(org.junit.Test)
Example 4 with UsernameTokenPrincipal
use of org.apache.wss4j.common.principal.UsernameTokenPrincipal in project jbossws-cxf by jbossws.
the class SubjectCreatingPolicyInterceptor method handleMessage.
@Override
public void handleMessage(Message message) throws Fault {
Endpoint ep = message.getExchange().get(Endpoint.class);
SecurityDomainContext sdc = ep.getSecurityDomainContext();
SecurityContext context = message.get(SecurityContext.class);
if (context == null || context.getUserPrincipal() == null) {
Loggers.SECURITY_LOGGER.userPrincipalNotAvailableOnCurrentMessage();
return;
}
SecurityToken token = message.get(SecurityToken.class);
Subject subject = null;
if (token != null) {
// Try authenticating using SecurityToken info
if (token.getTokenType() != TokenType.UsernameToken) {
throw Messages.MESSAGES.unsupportedTokenType(token.getTokenType());
}
UsernameToken ut = (UsernameToken) token;
subject = createSubject(sdc, ut.getName(), ut.getPassword(), ut.isHashed(), ut.getNonce(), ut.getCreatedTime());
} else {
// Try authenticating using WSS4J internal info (previously set into SecurityContext by WSS4JInInterceptor)
Principal p = context.getUserPrincipal();
if (!(p instanceof UsernameTokenPrincipal)) {
throw Messages.MESSAGES.couldNotGetSubjectInfo();
}
UsernameTokenPrincipal up = (UsernameTokenPrincipal) p;
subject = createSubject(sdc, up.getName(), up.getPassword(), up.isPasswordDigest(), up.getNonce(), up.getCreatedTime());
}
Principal principal = getPrincipal(context.getUserPrincipal(), subject);
message.put(SecurityContext.class, createSecurityContext(principal, subject));
}
Also used :
SecurityToken(org.apache.cxf.common.security.SecurityToken)
Endpoint(org.jboss.wsf.spi.deployment.Endpoint)
UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)
SecurityContext(org.apache.cxf.security.SecurityContext)
DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext)
UsernameToken(org.apache.cxf.common.security.UsernameToken)
SecurityDomainContext(org.jboss.wsf.spi.security.SecurityDomainContext)
Subject(javax.security.auth.Subject)
Principal(java.security.Principal)
UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)
Example 5 with UsernameTokenPrincipal
use of org.apache.wss4j.common.principal.UsernameTokenPrincipal in project cxf by apache.
the class WSS4JTokenConverter method convertToken.
public static void convertToken(Message msg, Principal p) {
if (p instanceof UsernameTokenPrincipal) {
UsernameTokenPrincipal utp = (UsernameTokenPrincipal) p;
String nonce = null;
if (utp.getNonce() != null) {
nonce = Base64Utility.encode(utp.getNonce());
}
msg.put(org.apache.cxf.common.security.SecurityToken.class, new UsernameToken(utp.getName(), utp.getPassword(), utp.getPasswordType(), utp.isPasswordDigest(), nonce, utp.getCreatedTime()));
}
}
Also used :
UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)
UsernameToken(org.apache.cxf.common.security.UsernameToken)
Aggregations
UsernameTokenPrincipal (org.apache.wss4j.common.principal.UsernameTokenPrincipal)7
Principal (java.security.Principal)5
SecurityContext (org.apache.cxf.security.SecurityContext)4
Subject (javax.security.auth.Subject)3
UsernameToken (org.apache.cxf.common.security.UsernameToken)3
KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal)2
X500Principal (javax.security.auth.x500.X500Principal)2
SecurityToken (org.apache.cxf.common.security.SecurityToken)2
DefaultSecurityContext (org.apache.cxf.interceptor.security.DefaultSecurityContext)2
TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)2
WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)2
ArrayList (java.util.ArrayList)1
HashMap (java.util.HashMap)1
LdapName (javax.naming.ldap.LdapName)1
Rdn (javax.naming.ldap.Rdn)1
SoapMessage (org.apache.cxf.binding.soap.SoapMessage)1
Header (org.apache.cxf.headers.Header)1
Fault (org.apache.cxf.interceptor.Fault)1
SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext)1
KeyRequirements (org.apache.cxf.sts.request.KeyRequirements)1
